diff --git a/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json b/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json index c10c6a5446..8c08569e30 100644 --- a/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json +++ b/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json 
@@ -1,44 +1,10 @@ { "type": "bundle", - "id": "bundle--a807a930-6a25-4789-ab86-7a1a304fba38", + "id": "bundle--73002265-876c-44dc-9a19-dcafc22b7779", "spec_version": "2.0", "objects": [ { - "x_mitre_platforms": [ - "Android", - "iOS" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "x_mitre_contributors": [ - "Lorin Wu, Trend Micro" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d", - "type": "attack-pattern", - "created": "2020-11-04T16:43:31.619Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "mitre-mobile-attack", - "external_id": "T1603", - "url": "https://attack.mitre.org/techniques/T1603" - }, - { - "source_name": "Android WorkManager", - "url": "https://developer.android.com/topic/libraries/architecture/workmanager", - "description": "Google. (n.d.). Schedule tasks with WorkManager. Retrieved November 4, 2020." - }, - { - "source_name": "Apple NSBackgroundActivityScheduler", - "url": "https://developer.apple.com/documentation/foundation/nsbackgroundactivityscheduler", - "description": "Apple. (n.d.). NSBackgroundActivityScheduler. Retrieved November 4, 2020." - } - ], - "modified": "2020-11-04T19:45:38.144Z", + "modified": "2022-10-24T15:09:07.609Z", "name": "Scheduled Task/Job", "description": "Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. On Android and iOS, APIs and libraries exist to facilitate scheduling tasks to execute at a specified date, time, or interval.\n\nOn Android, the `WorkManager` API allows asynchronous tasks to be scheduled with the system. `WorkManager` was introduced to unify task scheduling on Android, using `JobScheduler`, `GcmNetworkManager`, and `AlarmManager` internally. 
`WorkManager` offers a lot of flexibility for scheduling, including periodically, one time, or constraint-based (e.g. only when the device is charging).(Citation: Android WorkManager)\n\nOn iOS, the `NSBackgroundActivityScheduler` API allows asynchronous tasks to be scheduled with the system. The tasks can be scheduled to be repeating or non-repeating, however, the system chooses when the tasks will be executed. The app can choose the interval for repeating tasks, or the delay between scheduling and execution for one-time tasks.(Citation: Apple NSBackgroundActivityScheduler)", "kill_chain_phases": [ 
@@ -51,12 +17,48 @@ "phase_name": "persistence" } ], - "x_mitre_detection": "Scheduling tasks/jobs can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_detection": "Scheduling tasks/jobs can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.", + "x_mitre_platforms": [ + "Android", + "iOS" + ], + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_contributors": [ + "Lorin Wu, Trend Micro" + ], "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "type": "attack-pattern", + "id": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d", + "created": "2020-11-04T16:43:31.619Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1603", + "external_id": "T1603" + }, + { + "source_name": "Android WorkManager", + "description": "Google. (n.d.). Schedule tasks with WorkManager. Retrieved November 4, 2020.", + "url": "https://developer.android.com/topic/libraries/architecture/workmanager" + }, + { + "source_name": "Apple NSBackgroundActivityScheduler", + "description": "Apple. (n.d.). NSBackgroundActivityScheduler. Retrieved November 4, 2020.", + "url": "https://developer.apple.com/documentation/foundation/nsbackgroundactivityscheduler" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file 
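Review bot: The ATT&CK entry in `external_references` is re-added in this hunk with `"source_name": "mitre-attack"`, while the copy removed in this file's first hunk used `"mitre-mobile-attack"`, and nothing visible in the change records that rename. Tooling that resolves technique IDs for detection-coverage or mitigation mapping by filtering on the old value would presumably stop finding T1603 without raising an error, so the rename deserves a line in the release notes, and consumers are safer accepting both names. The T1430.002 object later in this diff pairs `"source_name": "mitre-attack"` with `"kill_chain_name": "mitre-mobile-attack"`, so the two identifiers must not be assumed equal. The first hunk of the T1616 file removes the same `mitre-mobile-attack` reference; its replacement lies outside the visible part of the diff.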
diff --git a/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json b/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json index dbfca85c4b..feb2cb237d 100644 --- a/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json +++ b/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7bbcc04c-9333-418b-9da5-16d49d46b858", + "id": "bundle--9d291b44-6fd4-4d81-8b4f-2a5ea12e3ca4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json b/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json index a536034587..80c2048752 100644 --- a/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json +++ b/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4d7eb8b5-89c4-4b02-bad4-c70c61eece42", + "id": "bundle--28660bb2-c3c2-4743-ab91-7b20e4ac3051", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json b/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json index 22ecb33677..a42623bdad 100644 --- a/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json +++ b/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--de77225d-7087-4627-9eb8-256b4ec4ea4e", + "id": "bundle--402bcd38-eaee-43b3-b8f7-4b531583b21b", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json b/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json index 30fd3085ab..239a97ea9c 100644 --- a/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json +++ b/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a3181639-e85a-4f9d-9974-84e82dc6ab36", + "id": "bundle--557f6abf-786b-4e7a-8a16-9f419ed14476", "spec_version": "2.0", "objects": [ { @@ -33,7 +33,8 @@ "x_mitre_version": "1.0", "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json b/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json index d444c19824..c701c6cb67 100644 --- a/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json +++ b/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--067de560-2186-4e79-bef6-49a3a5910f85", + "id": "bundle--a5a9f230-25a3-46de-8b4c-45fab35c56e8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json b/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json index d5e4f86236..d96f3eb117 100644 --- a/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json +++ b/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--99d3fadc-98e1-4d08-9c0f-6b6fb7618b6f", + "id": "bundle--c3a681c2-27d7-4b80-90d2-d648806bf6e4", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json b/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json index eab0544332..1cea559823 100644 --- a/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json +++ b/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a088edbd-fb97-4f66-b115-e312cdf22e0e", + "id": "bundle--ec7240c4-9ec1-40fc-998a-c8120f4f6259", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json b/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json index 1d40376747..5aa7ec78f6 100644 --- a/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json +++ b/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8179cb62-340e-4581-8f71-0a65f5fb3d13", + "id": "bundle--7900cfa8-ccc6-45ab-bf92-855b1b026ce6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json b/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json index fa71e76a4e..302780f36a 100644 --- a/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json +++ b/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json 
@@ -1,38 +1,53 @@ { "type": "bundle", - "id": "bundle--d0d95ee5-3c81-4384-83a2-c88f7e98f0b0", + "id": "bundle--00ce2d31-fdee-4d36-8ff9-45179c602ed4", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-21T13:44:56.301Z", + "name": "Impersonate SS7 Nodes", + "description": "Adversaries may exploit the lack of authentication in signaling system network nodes to track the to track the location of mobile devices by impersonating a node.(Citation: Engel-SS7)(Citation: Engel-SS7-2008)(Citation: 3GPP-Security)(Citation: Positive-SS7)(Citation: CSRIC5-WG10-FinalReport) \n\n \n\nBy providing the victim\u2019s MSISDN (phone number) and impersonating network internal nodes to query subscriber information from other nodes, adversaries may use data collected from each hop to eventually determine the device\u2019s geographical cell area or nearest cell tower.(Citation: Engel-SS7)", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "collection" + }, + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "discovery" + } + ], + "x_mitre_detection": "Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation.(Citation: CSRIC-WG1-FinalReport) The CSRIC also suggests threat information sharing between telecommunications industry members.", "x_mitre_platforms": [ "Android", "iOS" ], + "x_mitre_is_subtechnique": true, + "x_mitre_deprecated": false, "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], + "x_mitre_version": "1.0", "type": "attack-pattern", "id": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", "created": "2022-04-05T19:49:58.938Z", - "x_mitre_version": "1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", - "external_id": 
"T1430.002", - "url": "https://attack.mitre.org/techniques/T1430/002" + "url": "https://attack.mitre.org/techniques/T1430/002", + "external_id": "T1430.002" }, { "source_name": "3GPP-Security", - "url": "http://www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/33900-120.pdf", - "description": "3GPP. (2000, January). A Guide to 3rd Generation Security. Retrieved December 19, 2016." + "description": "3GPP. (2000, January). A Guide to 3rd Generation Security. Retrieved December 19, 2016.", + "url": "http://www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/33900-120.pdf" }, { "source_name": "CSRIC5-WG10-FinalReport", - "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf", - "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017." + "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017.", + "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf" }, { "source_name": "CSRIC-WG1-FinalReport", 
@@ -40,43 +55,28 @@ }, { "source_name": "Positive-SS7", - "url": "https://www.ptsecurity.com/upload/ptcom/PT-SS7-AD-Data-Sheet-eng.pdf", - "description": "Positive Technologies. (n.d.). SS7 Attack Discovery. Retrieved December 19, 2016." + "description": "Positive Technologies. (n.d.). SS7 Attack Discovery. Retrieved December 19, 2016.", + "url": "https://www.ptsecurity.com/upload/ptcom/PT-SS7-AD-Data-Sheet-eng.pdf" }, { "source_name": "Engel-SS7-2008", - "url": "https://www.youtube.com/watch?v=q0n5ySqbfdI", - "description": "Tobias Engel. (2008, December). Locating Mobile Phones using SS7. Retrieved December 19, 2016." + "description": "Tobias Engel. (2008, December). Locating Mobile Phones using SS7. Retrieved December 19, 2016.", + "url": "https://www.youtube.com/watch?v=q0n5ySqbfdI" }, { "source_name": "Engel-SS7", - "url": "https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipulate.pdf", - "description": "Tobias Engel. (2014, December). SS7: Locate. Track. Manipulate.. Retrieved December 19, 2016." + "description": "Tobias Engel. (2014, December). SS7: Locate. Track. Manipulate.. 
Retrieved December 19, 2016.", + "url": "https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipulate.pdf" }, { - "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-38.html", "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-38.html", "external_id": "CEL-38" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Adversaries may exploit the lack of authentication in signaling system network nodes to track the to track the location of mobile devices by impersonating a node.(Citation: Engel-SS7)(Citation: Engel-SS7-2008)(Citation: 3GPP-Security)(Citation: Positive-SS7)(Citation: CSRIC5-WG10-FinalReport) \n\n \n\nBy providing the victim\u2019s MSISDN (phone number) and impersonating network internal nodes to query subscriber information from other nodes, adversaries may use data collected from each hop to eventually determine the device\u2019s geographical cell area or nearest cell tower.(Citation: Engel-SS7)", - "modified": "2022-04-11T19:10:05.885Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "name": "Impersonate SS7 Nodes", - "x_mitre_detection": "Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation.(Citation: CSRIC-WG1-FinalReport) The CSRIC also suggests threat information sharing between telecommunications industry members.", - "kill_chain_phases": [ - { - "phase_name": "collection", - "kill_chain_name": "mitre-mobile-attack" - }, - { - "phase_name": "discovery", - "kill_chain_name": "mitre-mobile-attack" - } + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "x_mitre_is_subtechnique": true, "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } 
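Review bot: The `description` deleted in this hunk is the same string that the file's first hunk re-adds near the top of the object, and it still reads "to track the to track the location of mobile devices" and keeps a whitespace-only paragraph (` \n\n \n\n`) between its two paragraphs. Since `modified` is bumped to 2022-10-21 in the same file anyway, the text should be corrected in this change: `...signaling system network nodes to track the location of mobile devices by impersonating a node.`, with a single `\n\n` before "By providing". This is the text analysts read when mapping carrier-side SS7 detections to T1430.002, so the duplicated words are worth removing rather than carrying forward.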
diff --git a/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json b/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json index 2a2f646c89..88bc406715 100644 --- a/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json +++ b/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b3a3feee-1681-47ba-acb6-b9cd37970e0a", + "id": "bundle--d082bd02-8096-43b8-af0a-603f18eb8ed9", "spec_version": "2.0", "objects": [ { @@ -20,7 +20,8 @@ ], "modified": "2018-10-17T01:05:10.699Z", "name": "Insecure Third-Party Libraries", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json b/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json index 04d9de24e4..33cd13ddfc 100644 --- a/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json +++ b/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--56b238bf-867e-47b3-964f-3e3fce3be628", + "id": "bundle--ca10b00b-ae6e-453d-a360-0f8308ffc467", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json b/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json index 6928dce020..d973c21d16 100644 --- a/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json +++ b/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f77e6e2e-1070-43eb-a256-56db70eb15ce", + "id": "bundle--8b62ebe8-aaab-4946-bc6f-7a50d7ac8aea", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json b/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json index b15cf9c87e..fb6fb20b11 100644 --- a/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json +++ b/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--54ec31a6-cc0c-43c6-b4be-83a5b7434243", + "id": "bundle--e72ab6f4-aabf-4de3-b8a5-28e3ce1d1e22", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json b/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json index 5e658a0132..726b6e65eb 100644 --- a/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json +++ b/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--763720f5-0c6b-4012-96d6-5f806df1e71e", + "id": "bundle--eeec7cae-1baa-451b-97ab-1662ca85dd99", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json b/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json index 36d839d31d..f3615d3bbb 100644 --- a/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json +++ b/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--958bdb55-963c-475b-b6b3-09e650d32f48", + "id": "bundle--972f1804-e356-45a1-a269-a3833684f234", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json b/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json index 2c2c4f4539..cc966e7d2d 100644 --- a/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json +++ b/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cd3daa73-08d8-47e1-8347-81f75745139c", + "id": "bundle--af48ac4d-bb1f-4030-b6ed-349cacbce986", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json b/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json index 123e086463..2aaa27099a 100644 --- a/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json +++ b/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cbdee11e-0ddd-4fe9-9500-e3af735fd8c1", + "id": "bundle--0f5d9464-a65e-4d21-b82c-c98d5420cb44", "spec_version": "2.0", "objects": [ { @@ -20,7 +20,8 @@ ], "modified": "2018-10-17T01:05:10.699Z", "name": "App Delivered via Email Attachment", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json b/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json index cdd80984b6..9922c89c01 100644 --- a/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json +++ b/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--02dba93a-4bc3-47b3-8861-172ebc7fee88", + "id": "bundle--911e2363-a301-4898-aeb6-078b9cd14c65", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json b/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json index 3355004a82..738a0842fa 100644 --- a/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json +++ b/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--01a605f3-3f75-4beb-87b5-1373de6c8cf6", + "id": "bundle--49758e81-17eb-43a5-8c7b-1d2ce6e684d4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json b/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json index 9e662b8826..ddf8621f05 100644 --- a/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json +++ b/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2d2b3f7a-3db9-4080-baf8-6d1626dd5293", + "id": "bundle--4311240c-1804-4f2b-a0e2-5a0e4a90d4c7", "spec_version": "2.0", "objects": [ { @@ -68,7 +68,8 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json b/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json index ce9ea9bd1a..49aad049ef 100644 --- a/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json 
+++ b/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5e78ff1f-9b49-47d4-806f-331a01e220f3", + "id": "bundle--9670e5fb-90fd-4851-9883-8d41f9632cc9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json b/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json index 10c756a1cf..b971e2febf 100644 --- a/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json +++ b/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9b1c42e7-88fd-4c9e-a09e-6e53c568b2d4", + "id": "bundle--53310f6b-be11-4448-bbdc-21567c957520", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json b/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json index 01e37fd90e..1c74dc52f7 100644 --- a/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json +++ b/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--31766d5a-36dd-45f1-94ad-de973dbae53d", + "id": "bundle--774e8d80-6890-452a-a0ee-6dfb46c8ec45", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json b/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json index e3b555d65b..6db6263d35 100644 --- a/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json +++ b/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8dbf9fd1-0dbb-41dc-9f59-9f0c9808fd89", + "id": "bundle--833f2659-bace-4daf-9360-67abbf78d37c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json b/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json index dfbb5b6738..f0f8ed46fe 100644 --- a/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json +++ b/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--81c88c82-a54e-4c99-bd17-718748c967ab", + "id": "bundle--4d2d9f40-de11-41d0-92d6-bc5616157ee2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json b/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json index b475a2b575..48ae2def9e 100644 --- a/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json +++ b/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--244460a9-d94d-4e3e-aa7f-2e9ac393c531", + "id": "bundle--9bd71dc6-7a91-44e1-87dc-4395ef40f95c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json b/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json index 6e2eacd524..e9ced83c65 100644 --- a/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json +++ b/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8698654d-082d-4830-853b-b1bf1490d09d", + "id": "bundle--34c72620-1f70-4050-8d15-f3e6308ea69f", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json b/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json index 3b40864ca7..78c2c34897 100644 --- a/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json +++ b/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ce60266b-5753-4e5a-8fac-919e8acb03b8", + "id": "bundle--276c005b-78a9-4ba4-be21-f893d4dbfae9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json b/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json index d705f19f07..3f64a686e6 100644 --- a/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json +++ b/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8c41fa93-3294-47e6-8c08-6fc298a18b54", + "id": "bundle--59a6c337-b4a2-4dd8-8615-3b74df1913ae", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json b/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json index d945c0aefa..c0c7e11d7d 100644 --- a/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json +++ b/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--88f67b00-8b23-47d9-ba13-889d1656314c", + "id": "bundle--cfda4c0c-e547-4571-9e14-cd1ac36f6be2", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json b/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json index b79a201574..a00aaa7760 100644 --- a/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json +++ b/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6b517cd1-6637-4afa-95d2-503d2340852c", + "id": "bundle--b61034a0-36e1-4d92-beeb-f99268e14c3e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json b/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json index a00838ba02..88cf63e28a 100644 --- a/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json +++ b/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--74d099ec-a324-4cb2-9c3a-2654b860b787", + "id": "bundle--6713a306-170c-40c5-9ec3-a779d50dcc60", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json b/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json index 9078a27640..e6fc80b3f2 100644 --- a/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json +++ b/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c4243da4-fe30-47f0-9cac-df5836968d41", + "id": "bundle--374d01e3-1b0f-40f1-bded-2a42982a8456", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json b/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json index 19ae060c9a..637466f84d 100644 --- a/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json +++ b/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2029071c-05b7-4214-9cde-90f2fb30f665", + "id": "bundle--bf8fab9a-02cb-44d7-8106-952a7c40d128", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json b/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json index 9597614fe3..243e872566 100644 --- a/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json +++ b/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8a0580b8-f79f-4372-8fe4-37556fa4cfcf", + "id": "bundle--6ef32b98-eb61-43f0-ae8d-c0f226b56f37", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json b/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json index cd75205226..61f5a2016e 100644 --- a/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json +++ b/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7e81d9ef-01a2-4ea9-9e15-aaf48d96befd", + "id": "bundle--7a4ffa35-0211-40cf-bf1b-f3e8fdc348b4", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json b/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json
index e9e45cdfde..4f3a1c25af 100644
--- a/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json
+++ b/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json
@@ -1,58 +1,10 @@
 {
 "type": "bundle",
- "id": "bundle--65f52d89-72b3-469f-a59c-e861e76a9f79",
+ "id": "bundle--9d8fb156-8785-4954-8a91-5363dad56f5f",
 "spec_version": "2.0",
 "objects": [
 {
- "x_mitre_platforms": [
- "Android"
- ],
- "x_mitre_domains": [
- "mobile-attack"
- ],
- "x_mitre_contributors": [
- "Gaetan van Diemen, ThreatFabric"
- ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
- "type": "attack-pattern",
- "created": "2021-09-20T13:42:20.824Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "external_references": [
- {
- "source_name": "mitre-mobile-attack",
- "external_id": "T1616",
- "url": "https://attack.mitre.org/techniques/T1616"
- },
- {
- "external_id": "APP-41",
- "source_name": "NIST Mobile Threat Catalogue",
- "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-41.html"
- },
- {
- "external_id": "CEL-42",
- "source_name": "NIST Mobile Threat Catalogue",
- "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-42.html"
- },
- {
- "external_id": "CEL-36",
- "source_name": "NIST Mobile Threat Catalogue",
- "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-36.html"
- },
- {
- "external_id": "CEL-18",
- "source_name": "NIST Mobile Threat Catalogue",
- "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-18.html"
- },
- {
- "source_name": "Android Permissions",
- "url": "https://developer.android.com/reference/android/Manifest.permission",
- "description": "Google. (2021, August 11). Manifest.permission. Retrieved September 22, 2021."
- }
- ],
- "modified": "2021-09-27T18:05:42.788Z",
+ "modified": "2022-10-24T15:09:07.609Z",
 "name": "Call Control",
 "description": "Adversaries may make, forward, or block phone calls without user authorization. This could be used for adversary goals such as audio surveillance, blocking or forwarding calls from the device owner, or C2 communication.\n\nSeveral permissions may be used to programmatically control phone calls, including:\n\n* `ANSWER_PHONE_CALLS` - Allows the application to answer incoming phone calls(Citation: Android Permissions)\n* `CALL_PHONE` - Allows the application to initiate a phone call without going through the Dialer interface(Citation: Android Permissions)\n* `PROCESS_OUTGOING_CALLS` - Allows the application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether(Citation: Android Permissions)\n* `MANAGE_OWN_CALLS` - Allows a calling application which manages its own calls through the self-managed `ConnectionService` APIs(Citation: Android Permissions)\n* `BIND_TELECOM_CONNECTION_SERVICE` - Required permission when using a `ConnectionService`(Citation: Android Permissions)\n* `WRITE_CALL_LOG` - Allows an application to write to the device call log, potentially to hide malicious phone calls(Citation: Android Permissions)\n\nWhen granted some of these permissions, an application can make a phone call without opening the dialer first. However, if an application desires to simply redirect the user to the dialer with a phone number filled in, it can launch an Intent using `Intent.ACTION_DIAL`, which requires no specific permissions. This then requires the user to explicitly initiate the call or use some form of [Input Injection](https://attack.mitre.org/techniques/T1516) to programmatically initiate it.",
 "kill_chain_phases": [
@@ -69,12 +21,62 @@
 "phase_name": "command-and-control"
 }
 ],
- "x_mitre_detection": "Users can view their default phone app in device settings. Users can review available call logs for irregularities, such as missing or unrecognized calls.",
- "x_mitre_version": "1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_detection": "Users can view their default phone app in device settings. Users can review available call logs for irregularities, such as missing or unrecognized calls.",
+ "x_mitre_platforms": [
+ "Android"
+ ],
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_version": "1.0",
+ "x_mitre_contributors": [
+ "Gaetan van Diemen, ThreatFabric"
+ ],
 "x_mitre_tactic_type": [
 "Post-Adversary Device Access"
- ]
+ ],
+ "type": "attack-pattern",
+ "id": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+ "created": "2021-09-20T13:42:20.824Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/techniques/T1616",
+ "external_id": "T1616"
+ },
+ {
+ "source_name": "NIST Mobile Threat Catalogue",
+ "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-41.html",
+ "external_id": "APP-41"
+ },
+ {
+ "source_name": "NIST Mobile Threat Catalogue",
+ "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-42.html",
+ "external_id": "CEL-42"
+ },
+ {
+ "source_name": "NIST Mobile Threat Catalogue",
+ "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-36.html",
+ "external_id": "CEL-36"
+ },
+ {
+ "source_name": "NIST Mobile Threat Catalogue",
+ "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-18.html",
+ "external_id": "CEL-18"
+ },
+ {
+ "source_name": "Android Permissions",
+ "description": "Google. (2021, August 11). Manifest.permission. Retrieved September 22, 2021.",
+ "url": "https://developer.android.com/reference/android/Manifest.permission"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_is_subtechnique": false
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json b/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json
index bd5b59526b..14459c701c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json
+++ b/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--334db50e-aa6b-416f-a953-93ece10dd8e0",
+ "id": "bundle--a8b678c1-07d1-4971-9e69-1d773278aa06",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json b/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json
index 11475e5f8d..71a550c33b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9be0e937-5cf1-4295-adaa-7a50f7aaee7d",
+ "id": "bundle--ebd422b0-bf8a-4fcc-9534-6566f7141f48",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json b/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json
index 5c07309202..49afdbd0ac 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json
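Review bot: The ATT&CK entry in `external_references` of the `@@ -69,12 +21,62 @@` hunk is re-added with `"source_name": "mitre-attack"`, while the object removed in this file's first hunk carried `"source_name": "mitre-mobile-attack"`; the `external_id` (`T1616`) and the URL are unchanged. A consumer that resolves the technique ID by matching the old `source_name` would presumably stop finding it without any error, and detection-coverage or mitigation mappings keyed on that ID would go missing with it. If the rename is intended, the commit description or release notes should say so, and importers should accept both values or key on the `https://attack.mitre.org/techniques/` URL prefix instead. The same change appears in the `@@ -38,12 +13,39 @@` hunk for `T1604`.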
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--db9ee438-1eb6-4659-a665-86db6a5dcc79", + "id": "bundle--efd23b8b-651b-4ee4-90be-5b144e40e5a6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json b/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json index 9a8c07cefe..a3b7f4df8e 100644 --- a/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json +++ b/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fc3ea944-51db-4b2c-a42e-e0a98511f1aa", + "id": "bundle--ac4cf8b0-fdd6-4225-8770-33f202775e99", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json b/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json index 20072e87bb..27e34e70a3 100644 --- a/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json +++ b/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a006bc07-b37d-4371-9dda-be86547d2cc5", + "id": "bundle--f0f04647-27a9-4919-bb60-258a7249f2e2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json b/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json index 8f4bb8c3b4..755eeebe8a 100644 --- a/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json +++ b/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7f14f58b-0b23-43c8-ab92-b85fe9024a5c", + "id": "bundle--2c62c9ac-b9dd-4e38-bf26-3471487bbcad", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json b/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json index 4d8a9339e0..20a2bdf370 100644 --- a/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json +++ b/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e879422f-6d9b-442e-af49-f00a86ad58d2", + "id": "bundle--9e7247f9-0717-4ca3-9455-13995fae8bf4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json b/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json index f5d2e8cf3e..c6f846887d 100644 --- a/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json +++ b/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0cd92fcd-96f0-4a64-8a1f-62985a40b82f", + "id": "bundle--5709d32d-e096-4a81-9ce9-50da2b9f7123", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json b/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json index 0e05fd0fcd..126138bc8c 100644 --- a/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json +++ b/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--622dc01b-d9b9-40da-9f50-cf22794442c3", + "id": "bundle--528290e0-3b97-4239-8de5-a94986c0ec30", "spec_version": "2.0", "objects": [ { 
@@ -20,7 +20,8 @@ ], "modified": "2018-10-17T01:05:10.703Z", "name": "Biometric Spoofing", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json b/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json index 0d8b7de7f6..c7bb4ffc80 100644 --- a/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json +++ b/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--aede2ce9-6941-48aa-8062-a7d71ee91220", + "id": "bundle--f9684e66-fa5c-4a3e-8463-12827f344458", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json b/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json index 8c91ac441a..240798113c 100644 --- a/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json +++ b/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d676552b-fd8c-47b2-9a7a-e39402a2f562", + "id": "bundle--7e0ae2bd-b5c9-4c0a-b8df-b68424c55720", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json b/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json index ab4fb3fc49..52c3fe1327 100644 --- a/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json +++ b/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d2b9761d-d3c1-421f-8ebc-2682aeeab7fb", + "id": "bundle--23b7c727-5492-458e-abef-52ce75435fb2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json b/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json index 4e4c73813b..2832277be7 100644 --- a/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json +++ b/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--659cef61-1152-436e-b9f0-cd2d9ab2f4c5", + "id": "bundle--23c05b69-0fa2-4ab2-b2f5-af5c7382904a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json b/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json index a96b6e5376..1ca968c951 100644 --- a/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json +++ b/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2745475e-b2a8-4c87-8f00-271ee9af8e9c", + "id": "bundle--89ba096f-1c39-44ae-8d6f-9fa02e39ea52", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json b/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json index fe45415b13..3f6f820c2d 100644 --- a/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json +++ b/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c2c3f01c-3a92-4aea-900e-05b08c7bd6cb", + "id": "bundle--f903306c-51af-4163-b3fb-2e4e1ff2cc9c", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json b/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json index b173b12ce2..1f4092821c 100644 --- a/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json +++ b/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--30a39c89-3037-4cf4-bc13-1e38b621ddfe", + "id": "bundle--efff8f0f-6d13-49e6-84aa-ab7831f8c4bc", "spec_version": "2.0", "objects": [ { @@ -20,7 +20,8 @@ ], "modified": "2018-10-17T01:05:10.701Z", "name": "Abuse of iOS Enterprise App Signing Key", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json b/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json index 86b87fb81e..3d1098665e 100644 --- a/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json +++ b/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b3a0fe6b-96f2-43da-8cdb-28de8e8c19d3", + "id": "bundle--d2107341-c22d-4100-8c39-f4d662a1e3cb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json b/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json index 53263c466c..277ae0f21b 100644 --- a/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json +++ b/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0adeb491-7bb5-4f83-aec3-193950e2a704", + "id": "bundle--856861ae-9f64-4b8e-ac65-b6bafe369076", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json b/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json index 27e51c9186..6377378668 100644 --- a/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json +++ b/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--57f91813-605a-4c90-a303-0316f80f03f5", + "id": "bundle--b50a45f9-e2e1-461b-959c-abcd0b0be505", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json b/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json index cf7d96fb7d..456f477faf 100644 --- a/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json +++ b/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e8086e76-27fa-454e-aaaa-96a8e0bc4577", + "id": "bundle--79c98063-7c43-4bf7-a907-2c6ff1f297a1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json b/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json index 10ee7cf8d7..aab552ca1b 100644 --- a/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json +++ b/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json 
@@ -1,35 +1,10 @@
 {
 "type": "bundle",
- "id": "bundle--3a0104cd-f934-4bee-8f00-6d86c356bca9",
+ "id": "bundle--239d888c-962e-49b6-8873-2279c3c53d35",
 "spec_version": "2.0",
 "objects": [
 {
- "x_mitre_platforms": [
- "Android"
- ],
- "x_mitre_domains": [
- "mobile-attack"
- ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a",
- "type": "attack-pattern",
- "created": "2020-11-30T14:26:07.728Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "external_references": [
- {
- "source_name": "mitre-mobile-attack",
- "external_id": "T1604",
- "url": "https://attack.mitre.org/techniques/T1604"
- },
- {
- "source_name": "Threat Fabric Exobot",
- "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
- "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
- }
- ],
- "modified": "2020-12-04T20:30:31.513Z",
+ "modified": "2022-10-24T15:09:07.609Z",
 "name": "Proxy Through Victim",
 "description": "Adversaries may use a compromised device as a proxy server to the Internet. By utilizing a proxy, adversaries hide the true IP address of their C2 server and associated infrastructure from the destination of the network traffic. This masquerades an adversary\u2019s traffic as legitimate traffic originating from the compromised device, which can evade IP-based restrictions and alerts on certain services, such as bank accounts and social media websites.(Citation: Threat Fabric Exobot)\n\nThe most common type of proxy is a SOCKS proxy. It can typically be implemented using standard OS-level APIs and 3rd party libraries with no indication to the user. On Android, adversaries can use the `Proxy` API to programmatically establish a SOCKS proxy connection, or lower-level APIs to interact directly with raw sockets.",
 "kill_chain_phases": [
@@ -38,12 +13,39 @@
 "phase_name": "defense-evasion"
 }
 ],
- "x_mitre_detection": "Enterprises may be able to detect anomalous traffic originating from mobile devices, which could indicate compromise.",
- "x_mitre_version": "1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_detection": "Enterprises may be able to detect anomalous traffic originating from mobile devices, which could indicate compromise.",
+ "x_mitre_platforms": [
+ "Android"
+ ],
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_version": "1.0",
 "x_mitre_tactic_type": [
 "Post-Adversary Device Access"
- ]
+ ],
+ "type": "attack-pattern",
+ "id": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a",
+ "created": "2020-11-30T14:26:07.728Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/techniques/T1604",
+ "external_id": "T1604"
+ },
+ {
+ "source_name": "Threat Fabric Exobot",
+ "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
+ "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_is_subtechnique": false
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json b/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json
index cfb72df868..5180e88e75 100644
--- a/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json
+++ b/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c0cf0062-a06d-4b33-80c4-d05e0f6af92c", + "id": "bundle--3f04bdbd-39dc-47be-b765-4c53ea1fe57c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json b/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json index 21896c909e..9a5438092a 100644 --- a/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json +++ b/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--59ddbdfa-0f16-4f4f-b598-077c290dbf7c", + "id": "bundle--e06ef7d2-2c80-4a3d-8391-9f8e5f6a0e36", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json b/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json index 26930b18d7..0d13d48861 100644 --- a/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json +++ b/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--07ddf7e8-6bf2-4eea-b6ce-c4b6e03d0b4e", + "id": "bundle--0691f0fd-00af-405f-8c68-0652978fb342", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json b/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json index 310bdd3bdb..09c5e8242e 100644 --- a/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json +++ b/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1596d422-9498-4639-bd60-269f7a3ba646", + "id": "bundle--774bbc4a-8ab3-4364-a376-2fff5c8bef91", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json b/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json index cba16f1b52..18cfb20c00 100644 --- a/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json +++ b/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f2669766-2702-4762-8ef4-6df3f3dff4a5", + "id": "bundle--9700395f-64d1-45f5-86b5-d2df7b51db39", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json b/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json index a06ca65666..0afdc449b8 100644 --- a/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json +++ b/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d9e2fa79-a4cb-4197-bc96-316750444746", + "id": "bundle--6ffa7147-60de-461d-b148-b9390fc03ed8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json b/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json index 8aebc7429f..e681840e91 100644 --- a/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json +++ b/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--43a39fed-41e0-4269-81a8-8903ef6e2839", + "id": "bundle--98bc4c84-7243-4474-9b27-80bec690314f", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json b/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json index d6067c5e40..80c3d4427f 100644 --- a/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json +++ b/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7c4fe795-008f-4e98-a1fe-1019d007dcda", + "id": "bundle--ce40e1a2-781d-4596-adaa-74b0681176e8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json b/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json index dcea5178c9..b6371f55d5 100644 --- a/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json +++ b/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f639f3ce-7f2f-48c5-97d0-ee70d853b3b0", + "id": "bundle--b135ced6-a64c-48ca-8e51-33c8aaa76277", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json b/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json index f366ec3257..a3967755c4 100644 --- a/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json +++ b/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4ffd1cc9-227f-42cb-bc31-4abfc7277d19", + "id": "bundle--5ab3df75-2367-410b-b8af-c313c923abe5", "spec_version": "2.0", "objects": [ { 
@@ -20,7 +20,8 @@ ], "modified": "2018-10-17T01:05:10.699Z", "name": "App Delivered via Web Download", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json b/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json index 5661fa27fa..9d380e21e8 100644 --- a/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json +++ b/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c9e7a702-f4ae-4fdf-8e2e-4a4db3b53886", + "id": "bundle--8d4cbd12-390e-434b-9cf4-d0a25383f828", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json b/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json index 7e0e848ffa..446ed2041d 100644 --- a/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json +++ b/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7d43bda3-deca-4666-9e08-eefe0c7e8d96", + "id": "bundle--bc8401ed-a427-47a1-9188-2dbec0c34f85", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json b/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json index 6bae7610b1..331881b090 100644 --- a/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json +++ b/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7ffd740f-537c-4ab4-81ef-dd6ae039d3a9", + "id": "bundle--803d457a-ab39-4538-a24e-1173c5032e64", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json b/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json index 74425bab2b..3fc70c3506 100644 --- a/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json +++ b/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--43af0e94-5406-4f2d-8d6d-aeb95e05e1b1", + "id": "bundle--7f0e893d-4352-4e8e-84a2-64688457836e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json b/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json index 99b748eac3..2d5fae6e46 100644 --- a/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json +++ b/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--65009a9d-4245-4476-826e-2c82f27f826c", + "id": "bundle--cd7b2822-3dc9-4e54-a8bf-79f0bde21eb4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json b/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json index dbf1de2ec8..c86c86e392 100644 --- a/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json +++ b/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d2e5afac-606d-40f5-ae19-80663e8b462a", + "id": "bundle--270e0444-b59d-4446-abba-bb81aba386f9", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json b/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json index db3f4667db..85b45f288b 100644 --- a/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json +++ b/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a50ee87e-9226-4878-a35b-17a405f92cd9", + "id": "bundle--fb4ad787-15c4-4f62-bdb1-3dfaac2e54e5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json b/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json index ee922e352d..928a287477 100644 --- a/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json +++ b/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e271648d-8085-4eee-a82a-fda44eef68d3", + "id": "bundle--ba58366e-30ad-4d87-923e-b6f2628e3324", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json b/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json index 2d234c76d7..a0a3769ea5 100644 --- a/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json +++ b/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b9f0ca5d-5ada-4deb-b86e-e7bb058e6af8", + "id": "bundle--8ae57a91-9b60-4813-9ab7-c8a7f3d92f32", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json b/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json index d21de59a7c..ca256c8bad 100644 --- a/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json +++ b/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a170985d-09f4-4e27-ae3d-9cf8ba549580", + "id": "bundle--29e2cf43-ef23-4ca9-b68b-ca41fa9b8ae5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json b/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json index 5c288afc78..ef82ea5139 100644 --- a/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json +++ b/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--87f1e6f8-31b6-4016-b40e-f4937713dec2", + "id": "bundle--480cce5d-2309-445e-baef-263f1868c252", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json b/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json index 29528dab2b..18d37f4aad 100644 --- a/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json +++ b/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a617c519-a613-4c7a-bbd0-4a4923e3bae3", + "id": "bundle--ca04a6e8-b432-410d-a26e-6f9bdf4cef3b", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json b/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json index 47356bfd84..2bfea0f382 100644 --- a/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json +++ b/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--45911dbd-8c18-4190-a628-25c55d8bbdb2", + "id": "bundle--813b8fb1-2798-4952-8de6-94e5a01f0fe6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json b/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json index 3623d205ff..80e6e77e8f 100644 --- a/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json +++ b/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6023ddfa-5276-4821-b4ef-87a0341c679d", + "id": "bundle--5be3cd37-50ab-4306-bd0f-16c4db386b99", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json b/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json index 3a8eaf98ba..a6afb219e3 100644 --- a/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json +++ b/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bc87abca-c917-47a7-b560-a9205137b9e8", + "id": "bundle--41e34344-1860-4405-bc86-aa36708f11c2", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json b/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json
index a6dcdf9e7a..087ad8ba0b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json
+++ b/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fb356767-395a-4e58-9546-f7ddec5da9c2",
+ "id": "bundle--535e2e64-ca57-42c9-836b-335ed8a0b3f8",
 "spec_version": "2.0",
 "objects": [
 {
@@ -20,7 +20,8 @@
 ],
 "modified": "2018-10-17T01:05:10.701Z",
 "name": "Remotely Install Application",
- "x_mitre_version": "1.0"
+ "x_mitre_version": "1.0",
+ "x_mitre_is_subtechnique": false
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json b/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json
index 79590ee67b..555a6be785 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--deef54df-6333-47f9-8558-7e62e67a7686",
+ "id": "bundle--9eed16b8-fdc7-407f-bc7b-081afc110f6c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json b/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json
index 6fe4683b18..b92f3512ed 100644
--- a/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fa7b5481-0bd6-46f8-828d-6c788c6b3099",
+ "id": "bundle--44d3f446-eafe-4703-bf28-ccd5970a41e9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json b/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json
index 2eaa80bcef..da85bbc32c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json
+++ b/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e6597cdf-40f5-4fac-b1d0-f77c98403442",
+ "id": "bundle--54b9b15f-e908-400b-8e06-4dbeb04c36e7",
 "spec_version": "2.0",
 "objects": [
 {
@@ -43,7 +43,8 @@
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_tactic_type": [
 "Post-Adversary Device Access"
- ]
+ ],
+ "x_mitre_is_subtechnique": false
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json b/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json
index 383b801280..81e1cb2f46 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--dfa9dd9a-226a-47b2-9870-039262158f4a",
+ "id": "bundle--32a05ac6-4fff-415d-b18f-9ebe847dbe5e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json b/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json
index d8f2f2195a..1e8b465e12 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8d1f2e25-d34b-48ae-88f0-525e1c913752",
+ "id": "bundle--1f783cbb-a522-49cd-a744-f475ca65916a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json b/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json
index a2ba8700f5..7959ad5b4b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f51c5c4b-6fb7-40b0-acee-ee4253fa55dc",
+ "id": "bundle--78e0aaf3-6dff-42b3-8413-ad28cbd38036",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json b/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json
index c4b58e659f..89d44bd24a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ce8adea6-c8ac-402f-b85a-7c9b9878e00a",
+ "id": "bundle--34ee4a90-d224-48e7-910a-34d01e02b055",
 "spec_version": "2.0",
 "objects": [
 {
@@ -63,7 +63,8 @@
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_tactic_type": [
 "Post-Adversary Device Access"
- ]
+ ],
+ "x_mitre_is_subtechnique": false
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json b/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json
index 7f0f1d2a65..014b3fbce4 100644
--- a/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json +++ b/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--78295b01-de76-4843-9ee2-c7c1a4b1a749", + "id": "bundle--3795fa9c-ebcf-4c27-ac2e-a4c46d54d8c5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json b/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json index 6fa905d93f..188a5e2af8 100644 --- a/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json +++ b/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ddd39c64-49ae-4608-bf70-9896421bcb46", + "id": "bundle--1ef0f3a1-cd2f-4066-9ba7-ffcdc9b62228", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json b/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json index 10c671f32b..59ad8a82aa 100644 --- a/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json +++ b/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--50dbb539-c81e-4bb7-a103-199ee70b5bda", + "id": "bundle--de8dc44d-4e30-486f-9484-5ec5f65215be", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json b/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json index 10ccb1ce47..5bec746910 100644 --- a/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json +++ b/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c77eb04f-87ad-4e31-b52e-bd244f6a03e0", + "id": "bundle--cf2264ad-7ca5-4d19-a888-17a70e1ec016", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json b/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json index db8ac28e28..eb97d6b1b5 100644 --- a/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json +++ b/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--367e2195-f915-4754-97e7-5b58f8b7dc32", + "id": "bundle--3b81d4ff-e1cb-4581-9a60-385bf84af694", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json b/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json index 86c4b28d7b..e05151b5a9 100644 --- a/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json +++ b/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ee13f372-a3e0-47a9-87a0-077591933c5a", + "id": "bundle--e4b9d8b9-2199-43d0-85e8-606ad2ce3f64", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json b/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json index 53808a860b..f856613dd9 100644 --- a/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json +++ b/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d96024df-af64-4f46-9a6d-3990f713311a", + "id": "bundle--37e448be-75ec-429b-bae0-cb2d3f8c9fda", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json b/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json index ed2df0209e..a6b90f447c 100644 --- a/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json +++ b/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json 
@@ -1,65 +1,65 @@ { "type": "bundle", - "id": "bundle--70873a8c-8dda-442e-9100-f08b27ddd853", + "id": "bundle--bde2ad8d-36ef-4445-a982-977c68b34ee5", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-21T13:44:31.305Z", + "name": "Remote Device Management Services", + "description": "An adversary may use access to cloud services (e.g. Google's Android Device Manager or Apple iCloud's Find my iPhone) or to an enterprise mobility management (EMM)/mobile device management (MDM) server console to track the location of mobile devices managed by the service.(Citation: Krebs-Location) ", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "collection" + }, + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "discovery" + } + ], + "x_mitre_detection": "Google sends a notification to the device when Android Device Manager is used to locate it. Additionally, Google provides the ability for users to view their general account activity and alerts users when their credentials have been used on a new device. Apple iCloud also provides notifications to users of account activity such as when credentials have been used. 
", "x_mitre_platforms": [ "Android", "iOS" ], + "x_mitre_is_subtechnique": true, + "x_mitre_deprecated": false, "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + "x_mitre_version": "1.0", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" ], "type": "attack-pattern", "id": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", "created": "2022-04-05T19:37:15.984Z", - "x_mitre_version": "1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", - "external_id": "T1430.001", - "url": "https://attack.mitre.org/techniques/T1430/001" + "url": "https://attack.mitre.org/techniques/T1430/001", + "external_id": "T1430.001" }, { "source_name": "Krebs-Location", - "url": "https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/", - "description": "Brian Krebs. (2018, May 17). Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site. Retrieved November 8, 2018." + "description": "Brian Krebs. (2018, May 17). Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site. 
Retrieved November 8, 2018.", + "url": "https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/" }, { - "url": "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-5.html", "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-5.html", "external_id": "ECO-5" }, { - "url": "https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-7.html", "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-7.html", "external_id": "EMM-7" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "An adversary may use access to cloud services (e.g. Google's Android Device Manager or Apple iCloud's Find my iPhone) or to an enterprise mobility management (EMM)/mobile device management (MDM) server console to track the location of mobile devices managed by the service.(Citation: Krebs-Location) ", - "modified": "2022-04-19T19:58:48.039Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "name": "Remote Device Management Services", - "x_mitre_detection": "Google sends a notification to the device when Android Device Manager is used to locate it. Additionally, Google provides the ability for users to view their general account activity and alerts users when their credentials have been used on a new device. Apple iCloud also provides notifications to users of account activity such as when credentials have been used. 
", - "kill_chain_phases": [ - { - "phase_name": "collection", - "kill_chain_name": "mitre-mobile-attack" - }, - { - "phase_name": "discovery", - "kill_chain_name": "mitre-mobile-attack" - } - ], - "x_mitre_is_subtechnique": true, - "x_mitre_tactic_type": [ - "Post-Adversary Device Access" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" diff --git a/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json b/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json index bcf0c0f623..f9f83350b5 100644 --- a/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json +++ b/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e7f30a15-0206-4d94-be5c-0e83c8625196", + "id": "bundle--23cf64fa-2b0b-44a4-baba-199c4da63484", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json b/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json index 89e89f5ca7..46ea321ce8 100644 --- a/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json +++ b/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b88f4492-07d3-4002-80af-e069821f5ec5", + "id": "bundle--b0ab0a1f-a010-4964-be9c-bf45a11f6657", "spec_version": "2.0", "objects": [ { @@ -20,7 +20,8 @@ ], "modified": "2018-10-17T01:05:10.700Z", "name": "Stolen Developer Credentials or Signing Keys", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file 
diff --git a/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json b/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json index 0b6b89701e..c65bb2aa89 100644 --- a/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json +++ b/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a7c01c2e-bbbe-4648-94d2-c470746f3393", + "id": "bundle--d6c74728-4d09-4734-bfe0-7deaf7024ea6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json b/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json index 34340c4419..d1da543ff0 100644 --- a/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json +++ b/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1c70107d-f4dd-4022-8fd9-ab8d20a58335", + "id": "bundle--bec20827-4959-44ef-92b8-554295bea7d9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json b/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json index da4882e1fc..cd4b33beb4 100644 --- a/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json +++ b/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--689f110e-e91c-4fc5-b0e8-224149a4876d", + "id": "bundle--703d5616-416a-4022-a18e-5662caaeb0d0", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json b/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json index 61368261e5..b7c1321d7a 100644 --- a/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json +++ b/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7fef4ac3-9a76-4566-9c51-076d9e91cf0f", + "id": "bundle--20ddebba-1596-46e2-b1af-60bc13f136d4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json b/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json index ca098ee8b0..2847137ac6 100644 --- a/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json +++ b/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--87bd1b53-f268-4120-b66c-f3ae0bbd8d73", + "id": "bundle--3929b3fd-cf1f-46ec-ad4e-492b36bb34b9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json b/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json index 6401049849..a4f17fa938 100644 --- a/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json +++ b/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7f75fe0b-e90e-401f-893f-8e7d2e61b323", + "id": "bundle--8a6d290f-f42a-414a-81ac-9185f303ac53", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json b/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json
index 7ab0fc0164..7449e94aea 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3f7c64bf-59be-475a-9b17-c0089cdbc3eb",
+ "id": "bundle--d11c4463-a00c-4b64-9d73-0e4dbc80bf85",
 "spec_version": "2.0",
 "objects": [
 {
@@ -20,7 +20,8 @@
 ],
 "modified": "2018-10-17T01:05:10.703Z",
 "name": "Malicious Media Content",
- "x_mitre_version": "1.0"
+ "x_mitre_version": "1.0",
+ "x_mitre_is_subtechnique": false
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json b/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json
index 58d0dfaf26..3e3ceae38c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--79a71115-3b7c-4489-a403-f567d2fb0dc7",
+ "id": "bundle--94eaeafd-bdc3-44d2-b08d-41d193465cfd",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json b/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json
index 480b1f7266..76fd81b439 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--37a4d70c-39de-498b-a5c1-0362f4617f35", + "id": "bundle--d515d6d3-3b8a-4a3a-a759-5275dd305c93", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json b/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json index f188e91ea5..34c5ad2266 100644 --- a/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json +++ b/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4ab86f1a-82d5-4257-9952-297b616ae86b", + "id": "bundle--701f0ce5-af06-4551-a9ee-015664cac6fa", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json b/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json index 10d106d531..bba9d3b484 100644 --- a/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json +++ b/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--91a89c20-701f-4d2b-8875-71a22348d94e", + "id": "bundle--322d950c-cca3-4a03-81f3-2bf28c9fedd5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json b/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json index 5bf67b282d..3ff09f1163 100644 --- a/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json +++ b/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json 
@@ -1,50 +1,10 @@ { "type": "bundle", - "id": "bundle--61213974-0231-43f6-9f59-f2c90a0888dd", + "id": "bundle--c343f1cd-a17e-472c-aac9-829d8ce5eb98", "spec_version": "2.0", "objects": [ { - "x_mitre_platforms": [ - "Android" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "type": "attack-pattern", - "created": "2020-09-11T15:14:33.730Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "mitre-mobile-attack", - "external_id": "T1582", - "url": "https://attack.mitre.org/techniques/T1582" - }, - { - "external_id": "APP-16", - "source_name": "NIST Mobile Threat Catalogue", - "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-16.html" - }, - { - "external_id": "CEL-41", - "source_name": "NIST Mobile Threat Catalogue", - "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-41.html" - }, - { - "source_name": "SMS KitKat", - "url": "https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html", - "description": "S.Main, D. Braun. (2013, October 14). Getting Your SMS Apps Ready for KitKat. Retrieved September 11, 2020." - }, - { - "source_name": "Android SmsProvider", - "url": "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/7e7c274/src/com/android/providers/telephony/SmsProvider.java", - "description": "Google. (n.d.). SmsProvider.java. Retrieved September 11, 2020." - } - ], - "modified": "2020-10-22T17:04:15.578Z", + "modified": "2022-10-24T15:09:07.609Z", "name": "SMS Control", "description": "Adversaries may delete, alter, or send SMS messages without user authorization. 
This could be used to hide C2 SMS messages, spread malware, or various external effects.\n\nThis can be accomplished by requesting the `RECEIVE_SMS` or `SEND_SMS` permissions depending on what the malware is attempting to do. If the app is set as the default SMS handler on the device, the `SMS_DELIVER` broadcast intent can be registered, which allows the app to write to the SMS content provider. The content provider directly modifies the messaging database on the device, which could allow malicious applications with this ability to insert, modify, or delete arbitrary messages on the device.(Citation: SMS KitKat)(Citation: Android SmsProvider)", "kill_chain_phases": [ 
@@ -53,12 +13,54 @@ "phase_name": "impact" } ], - "x_mitre_detection": "Users can view the default SMS handler in system settings.", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_detection": "Users can view the default SMS handler in system settings.", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "type": "attack-pattern", + "id": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "created": "2020-09-11T15:14:33.730Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1582", + "external_id": "T1582" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-16.html", + "external_id": "APP-16" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-41.html", + "external_id": "CEL-41" + }, + { + "source_name": "SMS KitKat", + "description": "S.Main, D. Braun. (2013, October 14). Getting Your SMS Apps Ready for KitKat. Retrieved September 11, 2020.", + "url": "https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html" + }, + { + "source_name": "Android SmsProvider", + "description": "Google. (n.d.). SmsProvider.java. Retrieved September 11, 2020.", + "url": "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/7e7c274/src/com/android/providers/telephony/SmsProvider.java" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file 
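Review bot: The re-added `external_references` entry for T1582 carries `"source_name": "mitre-attack"`, whereas the block removed in this file's first hunk had `"source_name": "mitre-mobile-attack"`, so the move is a value change and not only a key reorder. Tooling that resolves the technique ID by matching `source_name` against the old value would stop finding `external_id` for this object, and would probably do so silently, leaving detections or mappings without an ATT&CK ID. The same rename appears in the T1617, T1516 and T1577 files later in this diff. The commit description should call it out, for example `external_references[].source_name: mitre-mobile-attack -> mitre-attack`, so that consumers can accept both values during the transition.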
diff --git a/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json b/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json index 35cf5c868d..9e65588ac9 100644 --- a/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json +++ b/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--35f54852-8d4d-4263-98f4-4f5f819a371a", + "id": "bundle--2c2ef759-1bbb-49dc-b953-b2ac394c59ab", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json b/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json index fa752f671f..396f47265a 100644 --- a/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json +++ b/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a77bb30d-723a-45b9-a613-124bf82e2969", + "id": "bundle--254fe005-239d-4b2c-b5d5-d69f03d9c9d5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json b/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json index d0997e9174..48f9a88fc2 100644 --- a/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json +++ b/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--753c282a-617a-4508-b869-8f92e69eaee1", + "id": "bundle--81cf007d-e79a-4144-9c62-5bf68b1edc25", "spec_version": "2.0", "objects": [ { 
@@ -20,7 +20,8 @@ ], "modified": "2018-10-17T01:05:10.700Z", "name": "Detect App Analysis Environment", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json b/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json index ae6fe59954..3125756529 100644 --- a/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json +++ b/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--86401a53-13c5-4243-8ce0-d3131411ab9b", + "id": "bundle--1a6bee97-acf6-481d-a69c-4787d0591b82", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json b/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json index 23cdc5799e..28e0239561 100644 --- a/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json +++ b/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b83b3ef4-21b1-45ad-923e-9a94f869c191", + "id": "bundle--599c2216-03fe-4842-bdd5-6acff78c8279", "spec_version": "2.0", "objects": [ { @@ -20,7 +20,8 @@ ], "modified": "2018-10-17T01:05:10.704Z", "name": "Malicious Software Development Tools", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json b/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json index e09898f715..9ca61368b8 100644 --- a/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json 
+++ b/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--176ed813-0db0-41c7-9711-38adca27bc41", + "id": "bundle--ea026c31-3595-44ed-8576-df1908701b96", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json b/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json index a6c03dc18b..067d984de1 100644 --- a/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json +++ b/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9729a3fa-4205-4518-aa17-e7ebb23e47b1", + "id": "bundle--8925bbcc-c85d-476e-a9d8-b8428f95d2a9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json b/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json index 4e4a42484b..1a27532967 100644 --- a/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json +++ b/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--13a625dc-5e14-4458-b0aa-1980cfcd49dd", + "id": "bundle--187fbfc7-a5c7-4c0d-9190-e25b26fc4519", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json b/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json index 650c7a4290..ca0b2e7cd3 100644 --- a/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json +++ b/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--43bf281e-d8c1-4de7-915c-af5c10fe6775", + "id": "bundle--34a77e22-9428-4c57-902b-12e17cf6f55e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json b/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json index 8583591353..7e496ce537 100644 --- a/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json +++ b/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dfc7aabf-c51b-4079-9c33-03be8483080d", + "id": "bundle--1b4952ce-91f0-41c5-ac1f-c32f586b349a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json b/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json index a5852bb639..1d1e21c16a 100644 --- a/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json +++ b/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f638d3e1-fa9e-4b1f-b891-d51125839874", + "id": "bundle--a314b38d-ddb1-431f-b8af-8a8a00879bb5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json b/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json index 3ad7f3ea06..dc66e34b89 100644 --- a/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json +++ b/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--28bbe2a2-38dc-4676-a5c6-78450d4a64dd", + "id": "bundle--2f378a0e-8edc-4759-836f-dfa2bd1643e4", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json b/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json index a75d4bd452..e6fad9911b 100644 --- a/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json +++ b/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d7915a13-1179-4025-8013-d4e7bf28d082", + "id": "bundle--00849472-2f16-43ec-83f2-af0becaa07e5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json b/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json index f06a02b3fb..45324d44ca 100644 --- a/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json +++ b/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--27aff693-e520-4254-acf3-71a318837af2", + "id": "bundle--1870def0-d9b7-4852-8b14-84f932ca9d25", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json b/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json index b193934de0..42abec0941 100644 --- a/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json +++ b/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6d525196-1afd-4020-b9e5-d743fa0eddda", + "id": "bundle--484e3d1a-8b9f-41da-88de-e17b5c685367", "spec_version": "2.0", "objects": [ { 
@@ -20,7 +20,8 @@ ], "modified": "2018-10-17T01:05:10.702Z", "name": "Exploit Baseband Vulnerability", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json b/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json index 4b9ae0055c..91c745c5ad 100644 --- a/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json +++ b/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b1863767-86d5-427d-9335-ddb07804211e", + "id": "bundle--43713cb5-1c74-4a79-8032-d54904375c32", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json b/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json index a81a7feef4..ab5a516fad 100644 --- a/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json +++ b/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json 
@@ -1,33 +1,10 @@ { "type": "bundle", - "id": "bundle--88660996-4120-4aa7-a46a-f275ea4c42b3", + "id": "bundle--785f6c28-6b07-49c7-96e9-e40a1aac57f2", "spec_version": "2.0", "objects": [ { - "x_mitre_platforms": [ - "Android" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "x_mitre_contributors": [ - "J\u00f6rg Abraham, EclecticIQ" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", - "type": "attack-pattern", - "created": "2021-09-24T14:47:34.182Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "mitre-mobile-attack", - "external_id": "T1617", - "url": "https://attack.mitre.org/techniques/T1617" - } - ], - "modified": "2021-10-04T20:08:47.559Z", + "modified": "2022-10-24T15:09:07.609Z", "name": "Hooking", "description": "Adversaries may utilize hooking to hide the presence of artifacts associated with their behaviors to evade detection. Hooking can be used to modify return values or data structures of system APIs and function calls. This process typically involves using 3rd party root frameworks, such as Xposed or Magisk, with either a system exploit or pre-existing root access. By including custom modules for root frameworks, adversaries can hook system APIs and alter the return value and/or system data structures to alter functionality/visibility of various aspects of the system.", "kill_chain_phases": [ 
@@ -36,12 +13,37 @@ "phase_name": "defense-evasion" } ], - "x_mitre_detection": "Hooking can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_detection": "Hooking can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_contributors": [ + "J\u00f6rg Abraham, EclecticIQ" + ], "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "type": "attack-pattern", + "id": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", + "created": "2021-09-24T14:47:34.182Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1617", + "external_id": "T1617" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json b/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json index b0f1ea13d4..7ef10b30b7 100644 --- a/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json +++ b/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c68d3edf-0bb8-4831-86f8-8fe74299a079", + "id": "bundle--54d6d552-7a58-4086-aaca-f0f0776b943f", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json b/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json index fcfa273184..38ebcc2bf7 100644 --- a/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json +++ b/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fd7d21c9-0c29-4bf0-a30c-6f608435e18d", + "id": "bundle--2c14e81d-aad7-4bed-931c-e2343b4b47ee", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json b/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json index e1bb7c8ada..8a53d93b82 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json +++ b/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--56c3f1ae-89ca-4962-9a4e-bf585c1d0e4e", + "id": "bundle--daff7133-6117-49ed-b99b-9b6ca3eceef5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json b/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json index c1091676bc..1ecf1b6d06 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json +++ b/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json 
@@ -1,48 +1,10 @@ { "type": "bundle", - "id": "bundle--06d976ac-469b-414d-83e2-278acc40e285", + "id": "bundle--86e07cb4-3dbb-4073-8fca-0ea1b9f0bb83", "spec_version": "2.0", "objects": [ { - "x_mitre_platforms": [ - "Android" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "x_mitre_contributors": [ - "Luk\u00e1\u0161 \u0160tefanko, ESET" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "type": "attack-pattern", - "created": "2019-09-15T15:26:22.356Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://attack.mitre.org/techniques/T1516", - "source_name": "mitre-mobile-attack", - "external_id": "T1516" - }, - { - "description": "Luk\u00e1\u0161 \u0160tefanko. (2018, December 11). Android Trojan steals money from PayPal accounts even with 2FA on. Retrieved July 11, 2019.", - "url": "https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/", - "source_name": "android-trojan-steals-paypal-2fa" - }, - { - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "source_name": "Talos Gustuff Apr 2019" - }, - { - "description": "Bitwarden. (n.d.). Auto-fill logins on Android . 
Retrieved September 15, 2019.", - "url": "https://help.bitwarden.com/article/auto-fill-android/", - "source_name": "bitwarden autofill logins" - } - ], - "modified": "2020-06-24T15:02:13.323Z", + "modified": "2022-10-24T15:09:07.609Z", "name": "Input Injection", "description": "A malicious application can inject input to the user interface to mimic user interaction through the abuse of Android's accessibility APIs.\n\n[Input Injection](https://attack.mitre.org/techniques/T1516) can be achieved using any of the following methods:\n\n* Mimicking user clicks on the screen, for example to steal money from a user's PayPal account.(Citation: android-trojan-steals-paypal-2fa)\n* Injecting global actions, such as `GLOBAL_ACTION_BACK` (programatically mimicking a physical back button press), to trigger actions on behalf of the user.(Citation: Talos Gustuff Apr 2019)\n* Inserting input into text fields on behalf of the user. This method is used legitimately to auto-fill text fields by applications such as password managers.(Citation: bitwarden autofill logins)", "kill_chain_phases": [ 
@@ -55,12 +17,52 @@ "phase_name": "impact" } ], - "x_mitre_detection": "Users can view applications that have registered accessibility services in the accessibility menu within the device settings.", - "x_mitre_version": "1.1", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_detection": "Users can view applications that have registered accessibility services in the accessibility menu within the device settings.", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.1", + "x_mitre_contributors": [ + "Luk\u00e1\u0161 \u0160tefanko, ESET" + ], "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "type": "attack-pattern", + "id": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "created": "2019-09-15T15:26:22.356Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1516", + "external_id": "T1516" + }, + { + "source_name": "android-trojan-steals-paypal-2fa", + "description": "Luk\u00e1\u0161 \u0160tefanko. (2018, December 11). Android Trojan steals money from PayPal accounts even with 2FA on. Retrieved July 11, 2019.", + "url": "https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/" + }, + { + "source_name": "Talos Gustuff Apr 2019", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html" + }, + { + "source_name": "bitwarden autofill logins", + "description": "Bitwarden. (n.d.). Auto-fill logins on Android . 
Retrieved September 15, 2019.", + "url": "https://help.bitwarden.com/article/auto-fill-android/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json b/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json index c6b594a5dd..1d4e8761b8 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json +++ b/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2a7137f7-77c1-4cf8-826e-0083b56cbb02", + "id": "bundle--45ce34e2-3d4a-4148-a6bf-1af833071457", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json b/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json index 6eb5df0391..7bafd315c9 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json +++ b/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json 
@@ -1,40 +1,10 @@ { "type": "bundle", - "id": "bundle--fc897ee8-0e9d-45ff-9942-a77a55f658c2", + "id": "bundle--3edd06be-419c-4e5c-ac11-cc739d3b0144", "spec_version": "2.0", "objects": [ { - "x_mitre_platforms": [ - "Android" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", - "type": "attack-pattern", - "created": "2020-05-07T15:24:49.068Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "mitre-mobile-attack", - "external_id": "T1577", - "url": "https://attack.mitre.org/techniques/T1577" - }, - { - "source_name": "Guardsquare Janus", - "url": "https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures", - "description": "Guarsquare. (2017, November 13). New Android vulnerability allows attackers to modify apps without affecting their signatures. Retrieved May 7, 2020." - }, - { - "source_name": "CheckPoint Agent Smith", - "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", - "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." - } - ], - "modified": "2020-05-27T13:23:34.159Z", + "modified": "2022-10-24T15:09:07.609Z", "name": "Compromise Application Executable", "description": "Adversaries may modify applications installed on a device to establish persistent access to a victim. These malicious modifications can be used to make legitimate applications carry out adversary tasks when these applications are in use.\n\nThere are multiple ways an adversary can inject malicious code into applications. 
One method is by taking advantages of device vulnerabilities, the most well-known being Janus, an Android vulnerability that allows adversaries to add extra bytes to APK (application) and DEX (executable) files without affecting the file's signature. By being able to add arbitrary bytes to valid applications, attackers can seamlessly inject code into genuine executables without the user's knowledge.(Citation: Guardsquare Janus)\n\nAdversaries may also rebuild applications to include malicious modifications. This can be achieved by decompiling the genuine application, merging it with the malicious code, and recompiling it.(Citation: CheckPoint Agent Smith)\n\nAdversaries may also take action to conceal modifications to application executables and bypass user consent. These actions include altering modifications to appear as an update or exploiting vulnerabilities that allow activities of the malicious application to run inside a system application.(Citation: CheckPoint Agent Smith)", "kill_chain_phases": [ 
@@ -43,12 +13,44 @@ "phase_name": "persistence" } ], - "x_mitre_detection": "This behavior is seamless to the user and is typically undetectable.", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_detection": "This behavior is seamless to the user and is typically undetectable.", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "type": "attack-pattern", + "id": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", + "created": "2020-05-07T15:24:49.068Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1577", + "external_id": "T1577" + }, + { + "source_name": "Guardsquare Janus", + "description": "Guarsquare. (2017, November 13). New Android vulnerability allows attackers to modify apps without affecting their signatures. Retrieved May 7, 2020.", + "url": "https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures" + }, + { + "source_name": "CheckPoint Agent Smith", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020.", + "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_is_subtechnique": false } ] } \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json b/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json index e14d83f28c..e809d35671 100644 
--- a/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json +++ b/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e2b67ca7-5a11-47ac-af21-42481320d089", + "id": "bundle--d0eb5b42-2b27-444c-89a7-82d9aeee5d59", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json b/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json index b306bf77bc..8482f4ec7b 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json +++ b/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6216dbeb-e0d5-4d0c-ac4b-ef3707687264", + "id": "bundle--4031d23c-0049-4f0a-8074-59023a24c06d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json b/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json index 501586108d..290780439a 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json +++ b/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1f61854f-dd52-4a11-806f-472b490c2631", + "id": "bundle--67de45d3-0b99-4e88-9499-43fa959da06a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json b/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json index a982ac77f6..a84418cc85 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json +++ b/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json 
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b7c71084-6e09-4beb-a602-95b192864541",
+ "id": "bundle--fe06819e-2f08-4816-9b5d-015cc0e77fab",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json b/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json
index 57eb888234..3c73f62dad 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--66d8eb34-6cc6-4660-9628-8bd333794e66",
+ "id": "bundle--3800b9ea-2fe5-41aa-b488-eff967c14db4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json b/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json
index 3ff5f513ed..b0de019647 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c8eb0d05-dd97-4cdb-a59d-312812a9b0ef",
+ "id": "bundle--6f6888f5-04a6-422b-8f49-327a1263939c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json b/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json
index f2edd25c38..cda663cb54 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ca3bec7c-4213-4d91-929c-1312f23bd44e",
+ "id": "bundle--298009e7-2a4e-4738-ba70-cfa6f6aac2c0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json b/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json
index 0a2741c49e..f58760a575 100644
--- a/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--466fe670-5c12-4e2b-bb1b-9179dd929553",
+ "id": "bundle--7a183544-2862-44bc-8873-800df86c93a5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json b/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json
index be300d178e..412c4e06b2 100644
--- a/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json
+++ b/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d924d6aa-c236-431e-9a2f-8ba0c46cc980",
+ "id": "bundle--8b49f5d4-c433-499e-92e7-5afd912812c4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json b/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json
index b0d23a38e1..6467746d37 100644
--- a/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json
+++ b/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ccb6bb91-9623-4d40-a8ca-7db8b6cb43a1",
+ "id": "bundle--06c7ddcd-1ea1-4054-863f-2ab4eaa01d1f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json b/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json
index 95f5b0fddf..5440b56433 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b6ad469a-b78f-4e64-9985-5073d1265a80",
+ "id": "bundle--77149b7b-6260-458e-b0d8-a60d50c3f9cc",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json b/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json
index dff02e6c07..b77b061517 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5c8f33f1-d9fb-4fc1-80f3-07abad829fb9",
+ "id": "bundle--aa7ad2d5-d481-4920-9008-5b764d3e2973",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json b/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json
index 9c64701168..6d4840e3a6 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0b465dfa-df2e-4ab3-b5aa-b9ac257a6289",
+ "id": "bundle--4ae45c0f-465b-4b42-98c1-8ef2cee8507e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json b/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json
index da3c790965..2268024ec0 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0dcac807-67c3-4898-9f0f-c0f90fcf9911",
+ "id": "bundle--cb99bea5-cce8-4682-918e-5b9c0e38382e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json b/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json
index 01cf5d3a64..dc620669a1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6bd7a553-de65-4cfc-bb29-14ed21462489",
+ "id": "bundle--169b31ad-f177-4d61-b20c-88712cdcf571",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json b/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json
index 6c4462e994..7f09196698 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--53457d64-43d1-4bf5-8096-c26d77f9b0d6",
+ "id": "bundle--bf01a51d-8628-40fc-ae8c-1091471c9bfa",
 "spec_version": "2.0",
 "objects": [
 {
@@ -20,7 +20,8 @@
 ],
 "modified": "2018-10-17T01:05:10.701Z",
 "name": "Fake Developer Accounts",
- "x_mitre_version": "1.0"
+ "x_mitre_version": "1.0",
+ "x_mitre_is_subtechnique": false
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json b/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json
index 3eeac0cd8e..d4186e7c09 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c69219f4-adf2-4791-bc18-bdf2e69af513",
+ "id": "bundle--6c9db173-5a39-488c-9890-389c95d3c6cb",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json b/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json
index fa35b60ebf..489aba3acb 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0cf14420-043b-45c7-ab2c-f2af5fc8624d",
+ "id": "bundle--155bf289-77ca-4827-befc-56fd93f66304",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json b/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json
index 0cab465409..35cebedf8f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json
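Review bot: `"modified": "2018-10-17T01:05:10.701Z"` stays as a context line while the object gains `"x_mitre_is_subtechnique": false`, so the object's content changes without a new version timestamp. Consumers that sync or deduplicate STIX objects by `id` plus `modified` will treat this as the version they already hold and may never pick up the new property. Either bump `modified` when the property is added or confirm that the export tooling means to patch these legacy objects in place. The same pattern appears in the later `@@ -20,7 +20,8 @@` hunks for "Device Unlock Code Guessing or Brute Force" and "Malicious or Vulnerable Built-in Device Functionality"; in each case the object's body starts above the hunk.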
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--17fe99ba-9db6-4c70-8dec-04e48fc95c16",
+ "id": "bundle--b512f8c8-5ebc-4c18-9466-efd15500a60f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json b/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json
index 78080e6da7..7a67c0873d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--10292627-be14-4442-b7fd-6dc2dc32d9c9",
+ "id": "bundle--a459771e-963f-44a8-bf66-f5806d3c7860",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json b/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json
index b0cb8bf9c3..416a37c37a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json
+++ b/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f2d4d6a3-f9b5-4ea8-95b8-b12f5f69bdd5",
+ "id": "bundle--2b32eab8-6d08-449e-881c-2708223e5aac",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json b/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json
index 2a89324163..f1c3dcd4f0 100644
--- a/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2ede993d-be2e-4775-b0e4-bc94e4454894",
+ "id": "bundle--1b8877d3-b9b2-46c1-b3b0-78c0abd14d78",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json b/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json
index 5366ab5fc1..260bb9e102 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e72e0f8e-cf0b-449f-acb7-cc74905103a1",
+ "id": "bundle--9d17f7c5-1c17-45d8-9e53-773e98392568",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json b/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json
index 3ba3213c64..77ed5ceee7 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--065052db-172b-45dc-8f6e-5c0a50e191c1",
+ "id": "bundle--949d5b4b-6ff7-4c9b-a13d-b65ade1c40a7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json b/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json
index 12635deed9..a23cbcc811 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e5f13921-c8c4-4588-bd87-0afe66abfbc4",
+ "id": "bundle--00940a4f-496b-4738-aead-f596625df049",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json b/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json
index dde7358c04..1a270571fd 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--593d4aca-d2ea-44d1-934e-c8a9c43fc4fb",
+ "id": "bundle--e2e07b21-4faf-4448-9c9e-10f7e4714678",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json b/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json
index 43ee2ecd4f..a2eaf58909 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--87c8e5d3-5475-4855-b006-e0814519c1c9",
+ "id": "bundle--ff9d0cd0-d3a8-47f3-83a0-1a21a7e537b3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json b/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json
index dc01bcb4bd..019714ee42 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--36e75c8f-10e5-4135-a300-e17a339b5cc9",
+ "id": "bundle--496a2bc1-1361-4a09-b9ab-9d971b79a389",
 "spec_version": "2.0",
 "objects": [
 {
@@ -20,7 +20,8 @@
 ],
 "modified": "2018-10-17T01:05:10.703Z",
 "name": "Device Unlock Code Guessing or Brute Force",
- "x_mitre_version": "1.0"
+ "x_mitre_version": "1.0",
+ "x_mitre_is_subtechnique": false
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json b/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json
index 30f82ebc6d..df2eacb19a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ebf06495-6389-428c-b605-1430de41ce1d",
+ "id": "bundle--38df0155-5d67-4b44-ad02-8cc32206007f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json b/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json
index 63c7b088f6..1ee4b31e55 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--897bc7c2-a4d1-4864-8928-9512a41eb2ae",
+ "id": "bundle--4fd44f32-ebd2-4043-849c-bdec3cf19647",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json b/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json
index 51fe4b722a..d3c973d779 100644
--- a/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json
+++ b/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6a1e2760-7325-4fb8-89ea-81a79884b414",
+ "id": "bundle--0018400c-8e4b-47ce-8fe6-a8963dd87c3e",
 "spec_version": "2.0",
 "objects": [
 {
@@ -20,7 +20,8 @@
 ],
 "modified": "2018-10-17T01:05:10.704Z",
 "name": "Malicious or Vulnerable Built-in Device Functionality",
- "x_mitre_version": "1.0"
+ "x_mitre_version": "1.0",
+ "x_mitre_is_subtechnique": false
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json b/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json
index cef473ba19..d87573dfe1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7b1877bb-4491-4f48-8847-6cae75ebc8a7",
+ "id": "bundle--cd425987-78d1-41e1-80c7-fc01e59c7589",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json b/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json
index b8701eeb77..c98ee8ff5d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--829b1cf1-ca8a-4677-b2d4-1bbaf4103fda",
+ "id": "bundle--ef1ff0eb-66c8-426f-8e3a-73b843460e67",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json b/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json
index 57358eb377..4463603435 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--95e59222-1a8d-4b6c-a6b2-07173372a3a4",
+ "id": "bundle--aab98553-aa59-4d58-9c17-1ea93e4c1fda",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json b/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json
index f2e3f4b352..a2df4dfaed 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ad4c5e29-0c97-46c8-9ae5-5b6c11dd9b8b",
+ "id": "bundle--752a8f5f-e763-4522-9297-1cf21cc077aa",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json b/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json
index b7eac834b8..8d812558fb 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8d7bf281-15c0-4cad-a843-7b859d974091",
+ "id": "bundle--38384a13-0595-4f2d-8013-f4561de44bbf",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json b/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json
index cfb88b9fb8..f0cd5e2e03 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3f8dde7d-bbfe-4f95-8665-fc4fce17bc8c",
+ "id": "bundle--d9dbf2df-016f-4668-b77c-77bc9f832589",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json b/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json
index 9cc9b3ca79..d4e49f918b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c9230fe7-c8e7-47e7-a303-7c9cab2dad9a",
+ "id": "bundle--b2a7a391-6548-4251-8637-65efbf6fc9f1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/campaign/campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f.json b/mobile-attack/campaign/campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f.json
new file mode 100644
index 0000000000..e7a63000de
--- /dev/null
+++ b/mobile-attack/campaign/campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f.json
@@ -0,0 +1,47 @@
+{
+ "type": "bundle",
+ "id": "bundle--6ca6a569-755a-437f-bfb4-d16b0adbf407",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "modified": "2022-09-30T21:05:22.490Z",
+ "name": "Operation Dust Storm",
+ "description": "[Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) was a long-standing persistent cyber espionage campaign that targeted multiple industries in Japan, South Korea, the United States, Europe, and several Southeast Asian countries. By 2015, the [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors shifted from government and defense-related intelligence targets to Japanese companies or Japanese subdivisions of larger foreign organizations supporting Japan's critical infrastructure, including electricity generation, oil and natural gas, finance, transportation, and construction.(Citation: Cylance Dust Storm)\n\n[Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors also began to use Android backdoors in their operations by 2015, with all identified victims at the time residing in Japan or South Korea.(Citation: Cylance Dust Storm)",
+ "aliases": [
+ "Operation Dust Storm"
+ ],
+ "first_seen": "2010-01-01T07:00:00.000Z",
+ "last_seen": "2016-02-01T06:00:00.000Z",
+ "x_mitre_first_seen_citation": "(Citation: Cylance Dust Storm)",
+ "x_mitre_last_seen_citation": "(Citation: Cylance Dust Storm)",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "type": "campaign",
+ "id": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
+ "created": "2022-09-29T20:00:38.136Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/campaigns/C0016",
+ "external_id": "C0016"
+ },
+ {
+ "source_name": "Cylance Dust Storm",
+ "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
+ "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "x_mitre_attack_spec_version": "3.0.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_domains": [
+ "enterprise-attack",
+ "mobile-attack"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json b/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json
index f82a53adc6..cb3fad8991 100644
--- a/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json
+++ b/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--26ce348e-853d-4491-b32b-3e7a88e2efb2",
+ "id": "bundle--8abc83a9-edad-4723-87f4-e06067bb1cc4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json b/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json
index 69a7fda621..65439a74f1 100644
--- a/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json
+++ b/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--936a8119-69d1-40dc-aa55-719ac9e93a2b",
+ "id": "bundle--e86caf30-5a04-478b-99d7-9a9e146964b5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json b/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json
index cab4797d3c..35768031ed 100644
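Review bot: `"first_seen": "2010-01-01T07:00:00.000Z"` and `"last_seen": "2016-02-01T06:00:00.000Z"` carry hour-level values with two different offsets from midnight, which looks like month-precision dates pushed through a local-time conversion (inferred; the cited report is not on the page). Anyone aligning this campaign against log or incident timelines will read more precision into these fields than the citation probably supports. If only the month is known, I would normalise both to midnight UTC, for example `"first_seen": "2010-01-01T00:00:00.000Z"` (a constructed value), or state the intended precision in the description.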
--- a/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json
+++ b/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a1fc5eb2-0bd5-4b47-9615-631e96af2556",
+ "id": "bundle--a1661075-5d97-42ca-8dd0-1c471635ec90",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json b/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json
index 69d8f19f9b..ae468d8b5d 100644
--- a/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json
+++ b/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2f354515-f4a5-419c-82c6-a4909dbb2015",
+ "id": "bundle--a121227b-ef3b-4a14-9fb5-62980f3f2ec7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json b/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json
index 55f32aea66..6e403818e5 100644
--- a/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json
+++ b/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a8563d38-572c-4530-aaba-e28fd5a5d3b8",
+ "id": "bundle--a934c82f-4b45-40f9-9de3-56d9b4da1e5b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json b/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json
index 7e81844454..e8ba5388c0 100644
--- a/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json
+++ b/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e5cc1507-7adb-4ecd-8776-4233d130ae3c",
+ "id": "bundle--b9b1c8b0-5326-41fb-a1da-d4d79ea42342",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json b/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json
index d0ff8b7f59..89ac313349 100644
--- a/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json
+++ b/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b94421b8-9164-447a-91fb-7cee631bcb66",
+ "id": "bundle--a8145055-4f0d-4400-bee1-6ee0f0527866",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json b/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json
index d782991fc6..7e384e179d 100644
--- a/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json
+++ b/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ae2c2fb2-bfa9-4029-abf6-3f4d49f0ae3f",
+ "id": "bundle--fb17bc6a-ab7f-4f13-9abe-929a2b02c2d4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json b/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json
index 2b41c2bb7d..99571df547 100644
--- a/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json
+++ b/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b6e75a45-34f5-4cbb-9610-6cc1b1981856",
+ "id": "bundle--83b52563-9aae-4e7b-a94f-e369e1eabf1e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json b/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json
index daa2d27f4d..8d8cefe0d8 100644
--- a/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json
+++ b/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1ec22c01-27ed-48e1-b62c-9263e7e18bce",
+ "id": "bundle--f97394c1-2ebc-4fb3-883b-e4c0b7a5d020",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json b/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json
index 327778b446..24b056746f 100644
--- a/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json
+++ b/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--355a7cbc-fd27-4626-b4c5-3448aab60a12",
+ "id": "bundle--2fce03ce-e4ce-4cd7-852c-7a844e061ad1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json b/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json
index 65081522c9..3fb6172565 100644
--- a/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json
+++ b/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--352efc6f-9f2d-46b5-98f4-be0696080d07", + "id": "bundle--4dd72c87-f54a-41be-b5fd-a8a2d0f2fa8b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json b/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json index d37bfde6e5..3e020b88b6 100644 --- a/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json +++ b/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3b656156-eece-4d0b-890b-fc0f63bc710d", + "id": "bundle--07fd25bc-344b-45dd-81a2-78314ee3ba5e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json b/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json index 4a18b134bd..4d5ca70b7c 100644 --- a/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json +++ b/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9af9d2a2-9208-48c8-9c44-fa58d73e40d0", + "id": "bundle--d8e8539b-d508-4ea2-97df-ed970c658b0a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json b/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json index 9296a768b5..ddd69390b0 100644 --- a/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json +++ b/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--79ed9427-3633-4598-a503-4e96a98c1e6b", + "id": "bundle--7fa58c92-5ee9-45b9-9f5f-4ad429b91f2f", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json b/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json index 3f8d8ccbb0..c2e74f91b1 100644 --- a/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json +++ b/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json 
@@ -1,9 +1,12 @@ { "type": "bundle", - "id": "bundle--3f1e607f-d546-4339-a34d-e8ffab98f187", + "id": "bundle--a5cbecc0-becf-44f8-8b4a-4e1a5ef4378a", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-12T20:11:40.313Z", + "name": "Sandworm Team", + "description": "[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020)\n\nIn October 2020, the US indicted six GRU Unit 74455 officers associated with [Sandworm Team](https://attack.mitre.org/groups/G0034) for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide [NotPetya](https://attack.mitre.org/software/S0368) attack, targeting of the 2017 French presidential campaign, the 2018 [Olympic Destroyer](https://attack.mitre.org/software/S0365) attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as [APT28](https://attack.mitre.org/groups/G0007).(Citation: US District Court Indictment GRU Oct 2018)", "aliases": [ "Sandworm Team", "ELECTRUM", 
@@ -11,29 +14,26 @@ "IRON VIKING", "BlackEnergy (Group)", "Quedagh", - "VOODOO BEAR" - ], - "x_mitre_domains": [ - "mobile-attack" + "Voodoo Bear" ], + "x_mitre_deprecated": false, + "x_mitre_version": "2.2", "x_mitre_contributors": [ - "Dragos Threat Intelligence" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + "Dragos Threat Intelligence" ], "type": "intrusion-set", "id": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192", "created": "2017-05-31T21:32:04.588Z", - "x_mitre_version": "2.2", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", - "external_id": "G0034", - "url": "https://attack.mitre.org/groups/G0034" + "url": "https://attack.mitre.org/groups/G0034", + "external_id": "G0034" }, { - "source_name": "VOODOO BEAR", + "source_name": "Voodoo Bear", "description": "(Citation: CrowdStrike VOODOO BEAR)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)" }, { 
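Review bot: The alias rename from `VOODOO BEAR` to `Voodoo Bear`, in `aliases` and in the matching `external_references` `source_name`, changes a lookup key while `x_mitre_version` is re-added unchanged as `"2.2"`. Consumers that map vendor reporting to G0034 by exact alias string would presumably stop matching without any error. The citation name `CrowdStrike VOODOO BEAR` keeps the old casing, so the object now carries both spellings. I would either bump the version (for example `"x_mitre_version": "2.3"`) so version-based sync surfaces the change, or state in the release notes that alias comparison must be case-insensitive. The object continues outside this hunk.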
@@ -62,66 +62,68 @@ }, { "source_name": "US District Court Indictment GRU Oct 2018", - "url": "https://www.justice.gov/opa/page/file/1098481/download", - "description": "Brady, S . (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al.. Retrieved October 1, 2020." + "description": "Brady, S . (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al.. Retrieved October 1, 2020.", + "url": "https://www.justice.gov/opa/page/file/1098481/download" }, { "source_name": "Dragos ELECTRUM", - "url": "https://www.dragos.com/resource/electrum/", - "description": "Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020." + "description": "Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020.", + "url": "https://www.dragos.com/resource/electrum/" }, { "source_name": "F-Secure BlackEnergy 2014", - "url": "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf", - "description": "F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016." + "description": "F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016.", + "url": "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf" }, { "source_name": "iSIGHT Sandworm 2014", - "url": "https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html", - "description": "Hultquist, J.. (2016, January 7). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved October 6, 2017." + "description": "Hultquist, J.. (2016, January 7). Sandworm Team and the Ukrainian Power Authority Attacks. 
Retrieved October 6, 2017.", + "url": "https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html" }, { "source_name": "CrowdStrike VOODOO BEAR", - "url": "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/", - "description": "Meyers, A. (2018, January 19). Meet CrowdStrike\u2019s Adversary of the Month for January: VOODOO BEAR. Retrieved May 22, 2018." + "description": "Meyers, A. (2018, January 19). Meet CrowdStrike\u2019s Adversary of the Month for January: VOODOO BEAR. Retrieved May 22, 2018.", + "url": "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/" }, { "source_name": "InfoSecurity Sandworm Oct 2014", - "url": "https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/", - "description": "Muncaster, P.. (2014, October 14). Microsoft Zero Day Traced to Russian \u2018Sandworm\u2019 Hackers. Retrieved October 6, 2017." + "description": "Muncaster, P.. (2014, October 14). Microsoft Zero Day Traced to Russian \u2018Sandworm\u2019 Hackers. Retrieved October 6, 2017.", + "url": "https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/" }, { "source_name": "NCSC Sandworm Feb 2020", - "url": "https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory", - "description": "NCSC. (2020, February 20). NCSC supports US advisory regarding GRU intrusion set Sandworm. Retrieved June 10, 2020." + "description": "NCSC. (2020, February 20). NCSC supports US advisory regarding GRU intrusion set Sandworm. Retrieved June 10, 2020.", + "url": "https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory" }, { "source_name": "USDOJ Sandworm Feb 2020", - "url": "https://2017-2021.state.gov/the-united-states-condemns-russian-cyber-attack-against-the-country-of-georgia//index.html", - "description": "Pompeo, M. (2020, February 20). The United States Condemns Russian Cyber Attack Against the Country of Georgia. 
Retrieved June 18, 2020." + "description": "Pompeo, M. (2020, February 20). The United States Condemns Russian Cyber Attack Against the Country of Georgia. Retrieved June 18, 2020.", + "url": "https://2017-2021.state.gov/the-united-states-condemns-russian-cyber-attack-against-the-country-of-georgia//index.html" }, { "source_name": "US District Court Indictment GRU Unit 74455 October 2020", - "url": "https://www.justice.gov/opa/press-release/file/1328521/download", - "description": "Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al.. Retrieved November 25, 2020." + "description": "Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al.. Retrieved November 25, 2020.", + "url": "https://www.justice.gov/opa/press-release/file/1328521/download" }, { "source_name": "Secureworks IRON VIKING ", - "url": "https://www.secureworks.com/research/threat-profiles/iron-viking", - "description": "Secureworks. (2020, May 1). IRON VIKING Threat Profile. Retrieved June 10, 2020." + "description": "Secureworks. (2020, May 1). IRON VIKING Threat Profile. Retrieved June 10, 2020.", + "url": "https://www.secureworks.com/research/threat-profiles/iron-viking" }, { "source_name": "UK NCSC Olympic Attacks October 2020", - "url": "https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games", - "description": "UK NCSC. (2020, October 19). UK exposes series of Russian cyber attacks against Olympic and Paralympic Games . Retrieved November 30, 2020." + "description": "UK NCSC. (2020, October 19). UK exposes series of Russian cyber attacks against Olympic and Paralympic Games . 
Retrieved November 30, 2020.", + "url": "https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020)\n\nIn October 2020, the US indicted six GRU Unit 74455 officers associated with [Sandworm Team](https://attack.mitre.org/groups/G0034) for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide [NotPetya](https://attack.mitre.org/software/S0368) attack, targeting of the 2017 French presidential campaign, the 2018 [Olympic Destroyer](https://attack.mitre.org/software/S0365) attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as [APT28](https://attack.mitre.org/groups/G0007).(Citation: US District Court Indictment GRU Oct 2018)", - "modified": "2022-05-23T21:21:17.572Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "name": "Sandworm Team", + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_domains": [ + 
"enterprise-attack", + "ics-attack", + "mobile-attack" + ], "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } diff --git a/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json b/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json index 7e94df0aaa..c91fb73aed 100644 --- a/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json +++ b/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9db4974e-d498-4429-bf3d-91e219b5d842", + "id": "bundle--35b9ad37-6c4f-45c4-b5fa-9e7818c4323e", "spec_version": "2.0", "objects": [ { @@ -8,7 +8,8 @@ "Dark Caracal" ], "x_mitre_domains": [ - "mobile-attack" + "mobile-attack", + "enterprise-attack" ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json b/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json index 7764e3172a..74643435be 100644 --- a/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json +++ b/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5a9b0a5b-bc2c-494e-a5bd-ac79cc40ce32", + "id": "bundle--1988329c-92c2-4367-ae9d-813344f760c2", "spec_version": "2.0", "objects": [ { @@ -9,7 +9,8 @@ "Bahamut" ], "x_mitre_domains": [ - "mobile-attack" + "mobile-attack", + "enterprise-attack" ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json b/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json index 97d8812b7e..91766b3f37 100644 
--- a/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json +++ b/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c8b232bb-3e31-4a8b-9d8f-bbcbe2804907", + "id": "bundle--f8c6bc6e-e390-4006-820c-63f2ae902bb0", "spec_version": "2.0", "objects": [ { @@ -20,6 +20,7 @@ "TG-4127" ], "x_mitre_domains": [ + "enterprise-attack", "mobile-attack" ], "x_mitre_contributors": [ diff --git a/mobile-attack/intrusion-set/intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json b/mobile-attack/intrusion-set/intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json new file mode 100644 index 0000000000..34cc43f997 --- /dev/null +++ b/mobile-attack/intrusion-set/intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json 
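Review bot: `x_mitre_domains` gains `enterprise-attack` at `@@ -20,6 +20,7 @@`, but no hunk in this file section touches the object's `modified` timestamp; the only other change is the bundle id. STIX expects `modified` to advance whenever an object's properties change, so consumers that sync incrementally on `modified` would presumably miss the new domain tag. The same applies to the `intrusion-set--8a831aaa-…` and `intrusion-set--afec6dc3-…` sections just above, which also append the value after `mobile-attack` instead of using the sorted order seen here. I would bump `modified` in all three objects and keep one ordering for the array. The rest of each object lies outside the hunks.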
@@ -0,0 +1,53 @@ +{ + "type": "bundle", + "id": "bundle--c5c587cc-f74b-48ed-8bb6-e0ff35fe9360", + "spec_version": "2.0", + "objects": [ + { + "modified": "2022-10-17T19:51:56.531Z", + "name": "Earth Lusca", + "description": "[Earth Lusca](https://attack.mitre.org/groups/G1006) is a suspected China-based cyber espionage group that has been active since at least April 2019. [Earth Lusca](https://attack.mitre.org/groups/G1006) has targeted organizations in Australia, China, Hong Kong, Mongolia, Nepal, the Philippines, Taiwan, Thailand, Vietnam, the United Arab Emirates, Nigeria, Germany, France, and the United States. Targets included government institutions, news media outlets, gambling companies, educational institutions, COVID-19 research organizations, telecommunications companies, religious movements banned in China, and cryptocurrency trading platforms; security researchers assess some [Earth Lusca](https://attack.mitre.org/groups/G1006) operations may be financially motivated.(Citation: TrendMicro EarthLusca 2022)\n\n[Earth Lusca](https://attack.mitre.org/groups/G1006) has used malware commonly used by other Chinese threat groups, including [APT41](https://attack.mitre.org/groups/G0096) and the [Winnti Group](https://attack.mitre.org/groups/G0044) cluster, however security researchers assess [Earth Lusca](https://attack.mitre.org/groups/G1006)'s techniques and infrastructure are separate.(Citation: TrendMicro EarthLusca 2022)", + "aliases": [ + "Earth Lusca", + "TAG-22" + ], + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "type": "intrusion-set", + "id": "intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034", + "created": "2022-07-01T20:12:30.184Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/groups/G1006", + "external_id": "G1006" + }, + { + "source_name": "TAG-22", + "description": "(Citation: Recorded 
Future TAG-22 July 2021)" + }, + { + "source_name": "TrendMicro EarthLusca 2022", + "description": "Chen, J., et al. (2022). Delving Deep: An Analysis of Earth Lusca\u2019s Operations. Retrieved July 1, 2022.", + "url": "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf" + }, + { + "source_name": "Recorded Future TAG-22 July 2021", + "description": "INSIKT GROUP. (2021, July 8). Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling. Retrieved September 2, 2022.", + "url": "https://www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_domains": [ + "enterprise-attack", + "mobile-attack" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json b/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json index 6eb62d2ef3..033e23dd45 100644 --- a/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json +++ b/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ce9be339-4dba-45a1-8af9-c04abf3f8aad", + "id": "bundle--d5664d13-ec17-4555-9a1a-ddba8f941f9b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json b/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json index fe047f8610..6f2954a6b2 100644 --- a/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json 
+++ b/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--75b10ae8-9bf7-47d5-abf9-d6688d33ab6e", + "id": "bundle--c34a200f-e157-45b5-9c3b-72aefe853426", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json b/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json index 5a36ee900c..e047ec6b75 100644 --- a/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json +++ b/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bea6914e-36ad-4d41-98d0-a835cf5b55b0", + "id": "bundle--7bf6dcdf-3e01-4c7a-bea7-a2606da752d3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json b/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json index bb4fd9b1e8..3ce11787b3 100644 --- a/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json +++ b/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1bfd8d0d-38ae-4da2-93cc-3d1206d3263b", + "id": "bundle--5284db70-1336-4637-b25b-c8a7a0af7c34", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json b/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json index 10a2602ba0..87b36436b7 100644 --- a/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json +++ b/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json 
@@ -1,31 +1,34 @@ { "type": "bundle", - "id": "bundle--c9431b59-f781-401e-93cc-62e9e7eb82f2", + "id": "bundle--4c5fad86-8854-4c42-a5ef-d8322c65f65a", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Stealth Mango", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) is Android malware that has reportedly been used to successfully compromise the mobile devices of government officials, members of the military, medical professionals, and civilians. The iOS malware known as [Tangelo](https://attack.mitre.org/software/S0329) is believed to be from the same developer. (Citation: Lookout-StealthMango)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.3", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Stealth Mango" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", "type": "malware", + "id": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0328", "external_id": "S0328" }, 
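Review bot: The ATT&CK reference's `source_name` changes from `mitre-mobile-attack` to `mitre-attack` here while its `external_id` stays `S0328`. Tooling that resolves the ATT&CK ID by filtering `external_references` on the old `source_name` would presumably return nothing for this object after the update, which can silently drop detections or mappings keyed on it. The same rename appears in the `malware--08784a9d-…`, `malware--172444ab-…`, `malware--2074b2ad-…` and `malware--20d56cd6-…` sections below. It deserves an explicit line in the release notes, and consumers should accept both values, e.g. `source_name in ("mitre-attack", "mitre-mobile-attack")`, so mixed-version bundles still resolve.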
@@ -34,17 +37,14 @@ "description": "(Citation: Lookout-StealthMango)" }, { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "source_name": "Lookout-StealthMango", "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" } ], - "modified": "2020-09-11T15:55:43.283Z", - "name": "Stealth Mango", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) is Android malware that has reportedly been used to successfully compromise the mobile devices of government officials, members of the military, medical professionals, and civilians. The iOS malware known as [Tangelo](https://attack.mitre.org/software/S0329) is believed to be from the same developer. (Citation: Lookout-StealthMango)", - "x_mitre_version": "1.3", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json b/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json index beb63fcc3a..7a6ee26932 100644 --- a/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json +++ b/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json 
@@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--101ad5bd-f8de-40b7-a5e9-5aace30e4445", + "id": "bundle--c5ccd645-6909-4764-9126-b584fa2ac2eb", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Allwinner", + "description": "[Allwinner](https://attack.mitre.org/software/S0319) is a company that supplies processors used in Android tablets and other devices. A Linux kernel distributed by [Allwinner](https://attack.mitre.org/software/S0319) for use on these devices reportedly contained a backdoor. (Citation: HackerNews-Allwinner)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--08784a9d-09e9-4dce-a839-9612398214e8", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--08784a9d-09e9-4dce-a839-9612398214e8", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0319", "external_id": "S0319" }, 
@@ -33,12 +36,9 @@ "url": "https://thehackernews.com/2016/05/android-kernal-exploit.html" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "Allwinner", - "description": "[Allwinner](https://attack.mitre.org/software/S0319) is a company that supplies processors used in Android tablets and other devices. A Linux kernel distributed by [Allwinner](https://attack.mitre.org/software/S0319) for use on these devices reportedly contained a backdoor. (Citation: HackerNews-Allwinner)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json b/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json index a807ce01df..4c6fb18f58 100644 --- a/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json +++ b/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cefb5822-121e-4f51-aaaa-690e36422a48", + "id": "bundle--3ea96060-e618-4ab5-bb46-90edfe4e010c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json b/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json index cf06222b6d..3dee4cb45b 100644 --- a/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json +++ b/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3ba5da83-a3f2-4654-84b9-f1154bd12210", + "id": "bundle--f396b9dc-2bd6-482f-b055-5650908b55c6", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json b/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json index 3872b912c4..e53e140245 100644 --- a/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json +++ b/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json @@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--636e7b5f-4998-4a38-b361-0f80605be920", + "id": "bundle--7aa43aae-23be-4bdf-8834-6348de239cf0", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Judy", + "description": "[Judy](https://attack.mitre.org/software/S0325) is auto-clicking adware that was distributed through multiple apps in the Google Play Store. (Citation: CheckPoint-Judy)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--172444ab-97fc-4d94-b142-179452bfb760", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--172444ab-97fc-4d94-b142-179452bfb760", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0325", "external_id": "S0325" }, 
@@ -33,12 +36,9 @@ "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "Judy", - "description": "[Judy](https://attack.mitre.org/software/S0325) is auto-clicking adware that was distributed through multiple apps in the Google Play Store. (Citation: CheckPoint-Judy)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json b/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json index eacdb73590..b581a20f26 100644 --- a/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json +++ b/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json 
@@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--04d8ea7d-39a3-46e1-a4f0-57c621f6c833", + "id": "bundle--af0abce6-f15f-4b14-b358-56feb87e197c", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "OldBoot", + "description": "[OldBoot](https://attack.mitre.org/software/S0285) is an Android malware family. (Citation: HackerNews-OldBoot)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--2074b2ad-612e-4758-adce-7901c1b49bbc", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--2074b2ad-612e-4758-adce-7901c1b49bbc", "created": "2017-10-25T14:48:45.155Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0285", "external_id": "S0285" }, @@ -33,12 +36,9 @@ "url": "http://thehackernews.com/2014/01/first-widely-distributed-android.html" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "OldBoot", - "description": "[OldBoot](https://attack.mitre.org/software/S0285) is an Android malware family. (Citation: HackerNews-OldBoot)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json b/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json index e1e676da43..aa29866d16 100644 --- a/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json 
+++ b/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json @@ -1,32 +1,35 @@ { "type": "bundle", - "id": "bundle--e1e6e5cf-a290-4bdd-8a55-d1db4bb9897f", + "id": "bundle--4b16e5e0-291d-4150-9b4a-f6af703abc46", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Gooligan", + "description": "[Gooligan](https://attack.mitre.org/software/S0290) is a malware family that runs privilege escalation exploits on Android devices and then uses its escalated privileges to steal authentication tokens that can be used to access data from many Google applications. [Gooligan](https://attack.mitre.org/software/S0290) has been described as part of the Ghost Push Android malware family. (Citation: Gooligan Citation) (Citation: Ludwig-GhostPush) (Citation: Lookout-Gooligan)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Gooligan", "Ghost Push" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--20d56cd6-8dff-4871-9889-d32d254816de", "type": "malware", + "id": "malware--20d56cd6-8dff-4871-9889-d32d254816de", "created": "2017-10-25T14:48:43.242Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0290", "external_id": "S0290" }, 
@@ -39,27 +42,24 @@ "description": "Gooligan has been described as being part of the Ghost Push Android malware family. (Citation: Ludwig-GhostPush) (Citation: Lookout-Gooligan)" }, { - "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/", + "source_name": "Gooligan Citation", "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016.", - "source_name": "Gooligan Citation" + "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/" }, { - "url": "https://plus.google.com/+AdrianLudwig/posts/GXzJ8vaAFsi", + "source_name": "Ludwig-GhostPush", "description": "Adrian Ludwig. (2016, November 29). The fight against Ghost Push continues. Retrieved December 12, 2016.", - "source_name": "Ludwig-GhostPush" + "url": "https://plus.google.com/+AdrianLudwig/posts/GXzJ8vaAFsi" }, { - "url": "https://blog.lookout.com/blog/2016/12/01/ghost-push-gooligan/", + "source_name": "Lookout-Gooligan", "description": "Lookout. (2016, December 1). Ghost Push and Gooligan: One and the same. Retrieved December 12, 2016.", - "source_name": "Lookout-Gooligan" + "url": "https://blog.lookout.com/blog/2016/12/01/ghost-push-gooligan/" } ], - "modified": "2019-10-10T15:18:50.693Z", - "name": "Gooligan", - "description": "[Gooligan](https://attack.mitre.org/software/S0290) is a malware family that runs privilege escalation exploits on Android devices and then uses its escalated privileges to steal authentication tokens that can be used to access data from many Google applications. [Gooligan](https://attack.mitre.org/software/S0290) has been described as part of the Ghost Push Android malware family. 
(Citation: Gooligan Citation) (Citation: Ludwig-GhostPush) (Citation: Lookout-Gooligan)", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json b/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json index f9018894e4..5f72f4ec2f 100644 --- a/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json +++ b/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json 
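Review bot: Two citation URLs re-added on the new side of this hunk are weak as evidence links: `Ludwig-GhostPush` points at `plus.google.com`, a service that was shut down in 2019, and `Gooligan Citation` uses plain `http://`. An analyst following these references to check the Ghost Push relationship stated in the description cannot retrieve the first, and fetches the second over an unauthenticated channel. Since the entries are being rewritten anyway, I would replace the dead link with an archived copy, e.g. `"url": "<ARCHIVED_COPY_URL>"`, and switch the Check Point link to `https://` if the host serves it.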
@@ -1,31 +1,34 @@ { "type": "bundle", - "id": "bundle--0c1842cf-05ad-41b3-bdf1-4743f14045f3", + "id": "bundle--9fe5d1b4-96c2-4a7c-8208-77e32d80f4c2", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "SpyNote RAT", + "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) (Remote Access Trojan) is a family of malicious Android apps. The [SpyNote RAT](https://attack.mitre.org/software/S0305) builder tool can be used to develop malicious apps with the malware's functionality. (Citation: Zscaler-SpyNote)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "SpyNote RAT" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", "type": "malware", + "id": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", "created": "2017-10-25T14:48:45.794Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0305", "external_id": "S0305" }, 
@@ -34,17 +37,14 @@ "description": "(Citation: Zscaler-SpyNote)" }, { - "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app", + "source_name": "Zscaler-SpyNote", "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.", - "source_name": "Zscaler-SpyNote" + "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" } ], - "modified": "2019-10-10T15:24:08.969Z", - "name": "SpyNote RAT", - "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) (Remote Access Trojan) is a family of malicious Android apps. The [SpyNote RAT](https://attack.mitre.org/software/S0305) builder tool can be used to develop malicious apps with the malware's functionality. (Citation: Zscaler-SpyNote)", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json b/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json index a35ab52f83..635e550f57 100644 --- a/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json +++ b/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--406490f2-7945-4a9b-9d8b-9cd80e7e6893", + "id": "bundle--af871691-efc2-4860-8eae-9135b15c35d7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json b/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json index a6178d8ea4..052a4628b0 100644 --- a/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json +++ b/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4a096882-8f9a-4451-8410-ef3aa8148787", + "id": "bundle--651b8be0-c53e-4d4f-b124-87d30699ab1f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json b/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json index fe404f3c3b..7f794d37e7 100644 --- a/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json +++ b/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--47b02d45-fa01-438e-9e9b-cc4fd0d4ebd5", + "id": "bundle--f3b756ff-93c5-41e3-a58d-641dd167c492", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json b/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json index 84223e32c0..e5aecaf681 100644 --- a/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json +++ b/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--41785b75-20d1-454f-bac2-d59f59084902", + "id": "bundle--93c43b6b-aac4-4f7c-b1e0-997be1db4181", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json b/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json index 21741b6920..727c44695c 100644 --- a/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json +++ b/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json 
@@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--57dbe928-df97-421c-98ee-bd2c853bbffe", + "id": "bundle--d85f062c-81f1-45a0-ad53-a2428afba658", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "NotCompatible", + "description": "[NotCompatible](https://attack.mitre.org/software/S0299) is an Android malware family that was used between at least 2014 and 2016. It has multiple variants that have become more sophisticated over time. (Citation: Lookout-NotCompatible)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe", "created": "2017-10-25T14:48:36.707Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0299", "external_id": "S0299" }, @@ -33,12 +36,9 @@ "url": "https://blog.lookout.com/blog/2014/11/19/notcompatible/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "NotCompatible", - "description": "[NotCompatible](https://attack.mitre.org/software/S0299) is an Android malware family that was used between at least 2014 and 2016. It has multiple variants that have become more sophisticated over time. (Citation: Lookout-NotCompatible)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file 
diff --git a/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json b/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json index f972c883de..8d0bf9d6a7 100644 --- a/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json +++ b/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json @@ -1,31 +1,34 @@ { "type": "bundle", - "id": "bundle--b43a0194-660c-480e-8951-222a6141eb71", + "id": "bundle--5d96c7bc-8704-420c-8284-72f7aca99dd6", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "XLoader for Android", + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) is a malicious Android app first observed targeting Japan, Korea, China, Taiwan, and Hong Kong in 2018. It has more recently been observed targeting South Korean users as a pornography application.(Citation: TrendMicro-XLoader-FakeSpy)(Citation: TrendMicro-XLoader) It is tracked separately from the [XLoader for iOS](https://attack.mitre.org/software/S0490).", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "2.0", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "XLoader for Android" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", "type": "malware", + "id": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0318", "external_id": "S0318" }, 
@@ -35,8 +38,8 @@ }, { "source_name": "TrendMicro-XLoader-FakeSpy", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", - "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." + "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/" }, { "source_name": "TrendMicro-XLoader", @@ -44,12 +47,9 @@ "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/" } ], - "modified": "2020-10-16T01:46:53.625Z", - "name": "XLoader for Android", - "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) is a malicious Android app first observed targeting Japan, Korea, China, Taiwan, and Hong Kong in 2018. It has more recently been observed targeting South Korean users as a pornography application.(Citation: TrendMicro-XLoader-FakeSpy)(Citation: TrendMicro-XLoader) It is tracked separately from the [XLoader for iOS](https://attack.mitre.org/software/S0490).", - "x_mitre_version": "2.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json b/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json index ead36b14cc..48e78c859b 100644 --- a/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json 
+++ b/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json @@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--07d7c197-f635-4423-88d1-48dd34cb26a0", + "id": "bundle--9746fb71-7463-427f-a271-c844fb7fe678", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Trojan-SMS.AndroidOS.FakeInst.a", + "description": "[Trojan-SMS.AndroidOS.FakeInst.a](https://attack.mitre.org/software/S0306) is Android malware. (Citation: Kaspersky-MobileMalware)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--28e39395-91e7-4f02-b694-5e079c964da9", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--28e39395-91e7-4f02-b694-5e079c964da9", "created": "2017-10-25T14:48:46.107Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0306", "external_id": "S0306" }, @@ -33,12 +36,9 @@ "url": "https://securelist.com/mobile-malware-evolution-2013/58335/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "Trojan-SMS.AndroidOS.FakeInst.a", - "description": "[Trojan-SMS.AndroidOS.FakeInst.a](https://attack.mitre.org/software/S0306) is Android malware. (Citation: Kaspersky-MobileMalware)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file 
diff --git a/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json b/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json index 679d921ad0..2c00074f19 100644 --- a/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json +++ b/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--623aba3b-9238-4e19-8f8d-0a2470596b87", + "id": "bundle--2729e9c7-0157-4584-8fd7-7953daf4d871", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json b/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json index a8e0b0a377..efb198186f 100644 --- a/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json +++ b/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2e0c6742-2bb1-4a15-854e-dc7a55f265b4", + "id": "bundle--e0f90984-373e-4874-8e0c-69517d2a2465", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json b/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json index fe31374f68..8229d4cc96 100644 --- a/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json +++ b/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json 
@@ -1,31 +1,34 @@ { "type": "bundle", - "id": "bundle--311c7307-936f-46d4-b67c-b581d0275d96", + "id": "bundle--bff68b7e-30df-474d-858b-9b398d9bec35", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Dendroid", + "description": "[Dendroid](https://attack.mitre.org/software/S0301) is an Android remote access tool (RAT) primarily targeting Western countries. The RAT was available for purchase for $300 and came bundled with a utility to inject the RAT into legitimate applications.(Citation: Lookout-Dendroid)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "2.0", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Dendroid" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", "type": "malware", + "id": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", "created": "2017-10-25T14:48:37.438Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0301", "external_id": "S0301" }, 
@@ -39,12 +42,9 @@ "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" } ], - "modified": "2020-09-29T13:24:14.934Z", - "name": "Dendroid", - "description": "[Dendroid](https://attack.mitre.org/software/S0301) is an Android remote access tool (RAT) primarily targeting Western countries. The RAT was available for purchase for $300 and came bundled with a utility to inject the RAT into legitimate applications.(Citation: Lookout-Dendroid)", - "x_mitre_version": "2.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json b/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json index 2964cceb02..782608ef12 100644 --- a/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json +++ b/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json 
@@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--22e30391-d14a-44bc-9db3-a30581ef1cec", + "id": "bundle--3a2166ed-a7cc-4963-b11a-6e5990d37469", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "WireLurker", + "description": "[WireLurker](https://attack.mitre.org/software/S0312) is a family of macOS malware that targets iOS devices connected over USB. (Citation: PaloAlto-WireLurker)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb", "created": "2017-10-25T14:48:37.020Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0312", "external_id": "S0312" }, @@ -34,12 +37,9 @@ "url": "https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "WireLurker", - "description": "[WireLurker](https://attack.mitre.org/software/S0312) is a family of macOS malware that targets iOS devices connected over USB. (Citation: PaloAlto-WireLurker)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json b/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json index 70aa3c7887..66c8920b43 100644 
--- a/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json +++ b/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5aa649a4-8c55-46d4-a9d3-a6cc75a59257", + "id": "bundle--f7b8c36c-81a2-4ccd-85b5-674ed6aa7109", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json b/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json index efb0edfe49..63dbde41b7 100644 --- a/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json +++ b/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json 
@@ -1,55 +1,55 @@ { "type": "bundle", - "id": "bundle--660c3948-8e18-4ab0-a012-6ae4a5a215af", + "id": "bundle--489603bc-674a-41b8-ac71-48caf4da7cc2", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Pegasus for iOS", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) is the iOS version of malware that has reportedly been linked to the NSO Group. It has been advertised and sold to target high-value victims. (Citation: Lookout-Pegasus) (Citation: PegasusCitizenLab) The Android version is tracked separately under [Pegasus for Android](https://attack.mitre.org/software/S0316).", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "iOS" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.1", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Pegasus for iOS" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", "type": "malware", + "id": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", "created": "2017-10-25T14:48:44.238Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "external_id": "S0289", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0289", - "source_name": "mitre-mobile-attack" + "external_id": "S0289" }, { - "description": "(Citation: Lookout-Pegasus) (Citation: PegasusCitizenLab)", - "source_name": "Pegasus for iOS" + "source_name": "Pegasus for iOS", + "description": "(Citation: Lookout-Pegasus) (Citation: PegasusCitizenLab)" }, { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", + "source_name": "Lookout-Pegasus", "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016.", - "source_name": "Lookout-Pegasus" + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" }, { - "url": "https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/", + "source_name": "PegasusCitizenLab", "description": "Bill Marczak and John Scott-Railton. (2016, August 24). The Million Dollar Dissident: NSO Group\u2019s iPhone Zero-Days used against a UAE Human Rights Defender. Retrieved December 12, 2016.", - "source_name": "PegasusCitizenLab" + "url": "https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/" } ], - "modified": "2020-01-24T13:55:33.492Z", - "name": "Pegasus for iOS", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) is the iOS version of malware that has reportedly been linked to the NSO Group. It has been advertised and sold to target high-value victims. (Citation: Lookout-Pegasus) (Citation: PegasusCitizenLab) The Android version is tracked separately under [Pegasus for Android](https://attack.mitre.org/software/S0316).", - "x_mitre_version": "1.1", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json b/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json index 185fd09ff6..3a202833f0 100644 --- a/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json +++ b/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json 
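Review bot: The exporter's unstable key order makes this hunk hard to audit. Every `external_references` entry is removed and re-added with the same `source_name`, `url`, `external_id` and `description` values in a different order, and `name`, `description` and `object_marking_refs` move within the object. The values that appear to differ (`modified`, the bundle `id` and `"source_name": "mitre-attack"`) are buried in that noise, so a reviewer cannot easily confirm that no description or URL was altered in a feed that downstream detections trust. Emitting keys in one fixed order (for example sorted) would keep future diffs down to real content changes. The file also still ends without a trailing newline (`\ No newline at end of file`).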
@@ -1,31 +1,34 @@ { "type": "bundle", - "id": "bundle--b1569dcc-cc56-46e1-8ea6-35f6030f59c1", + "id": "bundle--683e3f0b-5b0f-4674-9b97-a645ef623da2", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Tangelo", + "description": "[Tangelo](https://attack.mitre.org/software/S0329) is iOS malware that is believed to be from the same developers as the [Stealth Mango](https://attack.mitre.org/software/S0328) Android malware. It is not a mobile application, but rather a Debian package that can only run on jailbroken iOS devices. (Citation: Lookout-StealthMango)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "iOS" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Tangelo" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", "type": "malware", + "id": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0329", "external_id": "S0329" }, 
@@ -34,17 +37,14 @@ "description": "(Citation: Lookout-StealthMango)" }, { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "source_name": "Lookout-StealthMango", "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" } ], - "modified": "2019-10-10T15:27:21.781Z", - "name": "Tangelo", - "description": "[Tangelo](https://attack.mitre.org/software/S0329) is iOS malware that is believed to be from the same developers as the [Stealth Mango](https://attack.mitre.org/software/S0328) Android malware. It is not a mobile application, but rather a Debian package that can only run on jailbroken iOS devices. (Citation: Lookout-StealthMango)", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json b/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json index 165c80c7f4..09da74c251 100644 --- a/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json +++ b/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json 
@@ -1,31 +1,34 @@ { "type": "bundle", - "id": "bundle--e862b876-222e-45c9-ac44-bacfc4bb6f99", + "id": "bundle--4cd58f41-577c-4b43-b75a-c0971fab9ee3", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "RCSAndroid", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) is Android malware. (Citation: TrendMicro-RCSAndroid)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "RCSAndroid" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", "type": "malware", + "id": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", "created": "2017-10-25T14:48:38.274Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0295", "external_id": "S0295" }, @@ -39,12 +42,9 @@ "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/" } ], - "modified": "2019-10-10T15:22:52.282Z", - "name": "RCSAndroid", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) is Android malware. (Citation: TrendMicro-RCSAndroid)", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file 
diff --git a/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json b/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json index 2b7e0150b2..195f9f4418 100644 --- a/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json +++ b/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7d5d8e4d-d2d9-46dd-b97b-b667d6b38102", + "id": "bundle--99e9339e-45b3-4750-b1eb-52f96cf4b3ff", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json b/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json index 428179d929..51759a86c2 100644 --- a/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json +++ b/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json 
@@ -1,31 +1,34 @@
 {
 "type": "bundle",
- "id": "bundle--5ca9b5f2-6d0f-42a5-8598-61e8c76fc0cb",
+ "id": "bundle--dff32d7f-807b-4002-b167-83de8aa3a95b",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2022-10-24T15:09:07.609Z",
+ "name": "Skygofree",
+ "description": "[Skygofree](https://attack.mitre.org/software/S0327) is Android spyware that is believed to have been developed in 2014 and used through at least 2017. (Citation: Kaspersky-Skygofree)",
 "labels": [
 "malware"
 ],
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_platforms": [
 "Android"
 ],
 "x_mitre_domains": [
 "mobile-attack"
 ],
+ "x_mitre_version": "1.2",
+ "x_mitre_attack_spec_version": "2.1.0",
 "x_mitre_aliases": [
 "Skygofree"
 ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
 "type": "malware",
+ "id": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
 "created": "2018-10-17T00:14:20.652Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "mitre-mobile-attack",
+ "source_name": "mitre-attack",
 "url": "https://attack.mitre.org/software/S0327",
 "external_id": "S0327"
 },
@@ -39,12 +42,9 @@
 "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/"
 }
 ],
- "modified": "2019-10-15T19:33:42.064Z",
- "name": "Skygofree",
- "description": "[Skygofree](https://attack.mitre.org/software/S0327) is Android spyware that is believed to have been developed in 2014 and used through at least 2017. (Citation: Kaspersky-Skygofree)",
- "x_mitre_version": "1.2",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json b/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json
index c45d3900be..0d2756c868 100644
--- a/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json
+++ b/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json
@@ -1,25 +1,28 @@
 {
 "type": "bundle",
- "id": "bundle--0a6d14dc-d3e2-4eda-a9c3-8dbfd7f7dcf7",
+ "id": "bundle--ffd2fc1c-8fb6-4612-a428-7d676c608803",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2022-10-24T15:09:07.609Z",
+ "name": "KeyRaider",
+ "description": "[KeyRaider](https://attack.mitre.org/software/S0288) is malware that steals Apple account credentials and other data from jailbroken iOS devices. It also has ransomware functionality. (Citation: Xiao-KeyRaider)",
 "labels": [
 "malware"
 ],
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_domains": [
 "mobile-attack"
 ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50",
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0",
 "type": "malware",
+ "id": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50",
 "created": "2017-10-25T14:48:43.815Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "mitre-mobile-attack",
+ "source_name": "mitre-attack",
 "url": "https://attack.mitre.org/software/S0288",
 "external_id": "S0288"
 },
@@ -33,12 +36,9 @@
 "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/"
 }
 ],
- "modified": "2018-12-11T20:40:31.461Z",
- "name": "KeyRaider",
- "description": "[KeyRaider](https://attack.mitre.org/software/S0288) is malware that steals Apple account credentials and other data from jailbroken iOS devices. It also has ransomware functionality. (Citation: Xiao-KeyRaider)",
- "x_mitre_version": "1.0",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json b/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json
index c458feea2a..1ce2eb352e 100644
--- a/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json
+++ b/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json
@@ -1,25 +1,28 @@
 {
 "type": "bundle",
- "id": "bundle--b33bc796-c3b9-4a65-9dbe-69df0b46a406",
+ "id": "bundle--65dc432a-48c1-4add-8b0a-b1690a7bb1d7",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2022-10-24T15:09:07.609Z",
+ "name": "ZergHelper",
+ "description": "[ZergHelper](https://attack.mitre.org/software/S0287) is iOS riskware that was unique due to its apparent evasion of Apple's App Store review process. No malicious functionality was identified in the app, but it presents security risks. (Citation: Xiao-ZergHelper)",
 "labels": [
 "malware"
 ],
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_domains": [
 "mobile-attack"
 ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0",
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0",
 "type": "malware",
+ "id": "malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0",
 "created": "2017-10-25T14:48:44.853Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "mitre-mobile-attack",
+ "source_name": "mitre-attack",
 "url": "https://attack.mitre.org/software/S0287",
 "external_id": "S0287"
 },
@@ -33,12 +36,9 @@
 "url": "http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/"
 }
 ],
- "modified": "2018-12-11T20:40:31.461Z",
- "name": "ZergHelper",
- "description": "[ZergHelper](https://attack.mitre.org/software/S0287) is iOS riskware that was unique due to its apparent evasion of Apple's App Store review process. No malicious functionality was identified in the app, but it presents security risks. (Citation: Xiao-ZergHelper)",
- "x_mitre_version": "1.0",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json b/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json
index 31c31991ba..6f09a4783e 100644
--- a/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json
+++ b/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--af6f5ea7-0ebd-4cf3-a3b8-189d783d586a",
+ "id": "bundle--e601e1e2-4e12-4369-9bf5-0f311b63a826",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json b/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json
index 63f976ff6a..c1012cd580 100644
--- a/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json
+++ b/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json
@@ -1,31 +1,34 @@
 {
 "type": "bundle",
- "id": "bundle--7a895155-1cc3-4acf-b6c1-343e4b4ec550",
+ "id": "bundle--a318dc79-d359-4148-bac8-e2265c4bd94a",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2022-10-24T15:09:07.609Z",
+ "name": "Twitoor",
+ "description": "[Twitoor](https://attack.mitre.org/software/S0302) is a dropper application capable of receiving commands from social media.(Citation: ESET-Twitoor)",
 "labels": [
 "malware"
 ],
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_platforms": [
 "Android"
 ],
 "x_mitre_domains": [
 "mobile-attack"
 ],
+ "x_mitre_version": "2.0",
+ "x_mitre_attack_spec_version": "2.1.0",
 "x_mitre_aliases": [
 "Twitoor"
 ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c",
 "type": "malware",
+ "id": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c",
 "created": "2017-10-25T14:48:42.313Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "mitre-mobile-attack",
+ "source_name": "mitre-attack",
 "url": "https://attack.mitre.org/software/S0302",
 "external_id": "S0302"
 },
@@ -34,17 +37,14 @@
 "description": "(Citation: ESET-Twitoor)"
 },
 {
- "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/",
+ "source_name": "ESET-Twitoor",
 "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016.",
- "source_name": "ESET-Twitoor"
+ "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/"
 }
 ],
- "modified": "2020-09-30T13:19:59.692Z",
- "name": "Twitoor",
- "description": "[Twitoor](https://attack.mitre.org/software/S0302) is a dropper application capable of receiving commands from social media.(Citation: ESET-Twitoor)",
- "x_mitre_version": "2.0",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json b/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json
index 4fe31e1fdf..ba927bf191 100644
--- a/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json
+++ b/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json
@@ -1,31 +1,34 @@
 {
 "type": "bundle",
- "id": "bundle--a1929451-6b39-45ae-8ac7-0bdda91211a1",
+ "id": "bundle--3ed87438-7017-4109-840d-a0ec7890837f",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2022-10-24T15:09:07.609Z",
+ "name": "ANDROIDOS_ANSERVER.A",
+ "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) is Android malware that is unique because it uses encrypted content within a blog site for command and control. (Citation: TrendMicro-Anserver)",
 "labels": [
 "malware"
 ],
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_platforms": [
 "Android"
 ],
 "x_mitre_domains": [
 "mobile-attack"
 ],
+ "x_mitre_version": "1.3",
+ "x_mitre_attack_spec_version": "2.1.0",
 "x_mitre_aliases": [
 "ANDROIDOS_ANSERVER.A"
 ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8",
 "type": "malware",
+ "id": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8",
 "created": "2017-10-25T14:48:47.965Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "mitre-mobile-attack",
+ "source_name": "mitre-attack",
 "url": "https://attack.mitre.org/software/S0310",
 "external_id": "S0310"
 },
@@ -39,12 +42,9 @@
 "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-uses-blog-posts-as-cc/"
 }
 ],
- "modified": "2019-10-15T19:55:04.407Z",
- "name": "ANDROIDOS_ANSERVER.A",
- "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) is Android malware that is unique because it uses encrypted content within a blog site for command and control. (Citation: TrendMicro-Anserver)",
- "x_mitre_version": "1.3",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json b/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json
index b369c4c1e6..edf3b3b974 100644
--- a/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json
+++ b/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json
@@ -1,25 +1,28 @@
 {
 "type": "bundle",
- "id": "bundle--05951ca9-b319-4b88-8e02-fb24955428b3",
+ "id": "bundle--1892f47a-3eb2-4cc7-aac3-ad2804c3df34",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2022-10-24T15:09:07.609Z",
+ "name": "DualToy",
+ "description": "[DualToy](https://attack.mitre.org/software/S0315) is Windows malware that installs malicious applications onto Android and iOS devices connected over USB. (Citation: PaloAlto-DualToy)",
 "labels": [
 "malware"
 ],
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_domains": [
 "mobile-attack"
 ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878",
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0",
 "type": "malware",
+ "id": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878",
 "created": "2017-10-25T14:48:41.721Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "mitre-mobile-attack",
+ "source_name": "mitre-attack",
 "url": "https://attack.mitre.org/software/S0315",
 "external_id": "S0315"
 },
@@ -33,12 +36,9 @@
 "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/"
 }
 ],
- "modified": "2018-12-11T20:40:31.461Z",
- "name": "DualToy",
- "description": "[DualToy](https://attack.mitre.org/software/S0315) is Windows malware that installs malicious applications onto Android and iOS devices connected over USB. (Citation: PaloAlto-DualToy)",
- "x_mitre_version": "1.0",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json b/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json
index 1fab2347f3..420651a35d 100644
--- a/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json
+++ b/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b8f5ba09-3089-4ed1-bb5d-e40fc4c4613e",
+ "id": "bundle--8ff200e0-6a05-4a4c-b244-f004ddeefde6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json b/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json
index 6a97433fa1..c6f4270677 100644
--- a/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json
+++ b/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json
@@ -1,25 +1,28 @@
 {
 "type": "bundle",
- "id": "bundle--4227151e-9e21-47a6-b7d4-785658367016",
+ "id": "bundle--65b7dcb5-5744-4f99-ba07-6a96316fadd2",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2022-10-24T15:09:07.609Z",
+ "name": "X-Agent for Android",
+ "description": "[X-Agent for Android](https://attack.mitre.org/software/S0314) is Android malware that was placed in a repackaged version of a Ukrainian artillery targeting application. The malware reportedly retrieved general location data on where the victim device was used, and therefore could likely indicate the potential location of Ukrainian artillery. (Citation: CrowdStrike-Android) Is it tracked separately from the [CHOPSTICK](https://attack.mitre.org/software/S0023).",
 "labels": [
 "malware"
 ],
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_domains": [
 "mobile-attack"
 ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "malware--56660521-6db4-4e5a-a927-464f22954b7c",
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0",
 "type": "malware",
+ "id": "malware--56660521-6db4-4e5a-a927-464f22954b7c",
 "created": "2017-10-25T14:48:42.034Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "mitre-mobile-attack",
+ "source_name": "mitre-attack",
 "url": "https://attack.mitre.org/software/S0314",
 "external_id": "S0314"
 },
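Review bot: The added `description` ends with `Is it tracked separately from the [CHOPSTICK](https://attack.mitre.org/software/S0023).`, which reads as a question rather than a statement. The wording is carried over verbatim from the line the file's second hunk removes, and it presumably means `It is tracked separately from [CHOPSTICK](https://attack.mitre.org/software/S0023).` Since this commit rewrites the field anyway, the sentence could be corrected here so readers do not take the relationship between the two entries as an open question.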
@@ -33,12 +36,9 @@
 "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf"
 }
 ],
- "modified": "2018-12-11T20:40:31.461Z",
- "name": "X-Agent for Android",
- "description": "[X-Agent for Android](https://attack.mitre.org/software/S0314) is Android malware that was placed in a repackaged version of a Ukrainian artillery targeting application. The malware reportedly retrieved general location data on where the victim device was used, and therefore could likely indicate the potential location of Ukrainian artillery. (Citation: CrowdStrike-Android) Is it tracked separately from the [CHOPSTICK](https://attack.mitre.org/software/S0023).",
- "x_mitre_version": "1.0",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json b/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json
index eef76a3364..3e8a506f88 100644
--- a/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json
+++ b/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--405a6619-e0a8-4073-9b16-7ae55773428a",
+ "id": "bundle--525ccbad-d6df-4f39-857b-583b4d9c0b0d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json b/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json
index 2c9b8ed335..36f38f2520 100644
--- a/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json
+++ b/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json
@@ -1,25 +1,28 @@
 {
 "type": "bundle",
- "id": "bundle--62752e25-184a-49c2-a1d5-7da88fcb81b2",
+ "id": "bundle--f17bca58-b688-406d-b8c9-125cc3ceaaa9",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2022-10-24T15:09:07.609Z",
+ "name": "MazarBOT",
+ "description": "[MazarBOT](https://attack.mitre.org/software/S0303) is Android malware that was distributed via SMS in Denmark in 2016. (Citation: Tripwire-MazarBOT)",
 "labels": [
 "malware"
 ],
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_domains": [
 "mobile-attack"
 ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9",
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0",
 "type": "malware",
+ "id": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9",
 "created": "2017-10-25T14:48:40.875Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "mitre-mobile-attack",
+ "source_name": "mitre-attack",
 "url": "https://attack.mitre.org/software/S0303",
 "external_id": "S0303"
 },
@@ -33,12 +36,9 @@
 "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/"
 }
 ],
- "modified": "2018-12-11T20:40:31.461Z",
- "name": "MazarBOT",
- "description": "[MazarBOT](https://attack.mitre.org/software/S0303) is Android malware that was distributed via SMS in Denmark in 2016. (Citation: Tripwire-MazarBOT)",
- "x_mitre_version": "1.0",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json b/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json
index c2dc53f998..0bbeb13de3 100644
--- a/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json
+++ b/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2fd94dfa-1ed0-41dd-be46-056b06fd6ccd",
+ "id": "bundle--eac00d42-5cdf-4755-b36e-0aebd3bf560a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json b/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json
index 91bccd1622..6d4b9aeef2 100644
--- a/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json
+++ b/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json
@@ -1,25 +1,28 @@
 {
 "type": "bundle",
- "id": "bundle--5f84fd4d-abc4-47fe-9125-be9737c4f386",
+ "id": "bundle--b2117ff9-78ea-4ec4-8660-7d3e2884c7d6",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2022-10-24T15:09:07.609Z",
+ "name": "HummingWhale",
+ "description": "[HummingWhale](https://attack.mitre.org/software/S0321) is an Android malware family that performs ad fraud. (Citation: ArsTechnica-HummingWhale)",
 "labels": [
 "malware"
 ],
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_domains": [
 "mobile-attack"
 ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f",
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0",
 "type": "malware",
+ "id": "malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f",
 "created": "2017-10-25T14:48:40.259Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "mitre-mobile-attack",
+ "source_name": "mitre-attack",
 "url": "https://attack.mitre.org/software/S0321",
 "external_id": "S0321"
 },
@@ -33,12 +36,9 @@
 "url": "http://arstechnica.com/security/2017/01/virulent-android-malware-returns-gets-2-million-downloads-on-google-play/"
 }
 ],
- "modified": "2018-12-11T20:40:31.461Z",
- "name": "HummingWhale",
- "description": "[HummingWhale](https://attack.mitre.org/software/S0321) is an Android malware family that performs ad fraud. (Citation: ArsTechnica-HummingWhale)",
- "x_mitre_version": "1.0",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json b/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json
index 7b81fad555..1be0db3dcf 100644
--- a/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json
+++ b/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d3fed882-c7ea-4011-83fa-0b84e7c2aba2",
+ "id": "bundle--14ff13d3-5985-492d-a734-8ee0ebcaa807",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json b/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json
index d53b4cc522..50a57ba1f2 100644
--- a/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json
+++ b/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5646f88c-2b64-43bd-bece-e788b80d5404",
+ "id": "bundle--64709923-c792-41d2-9f4d-d810f5c77146",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json b/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json
index 6d5bcc4d22..64145fa892 100644
--- a/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json
+++ b/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--19e60606-3106-4914-9cfd-f563a86451f5",
+ "id": "bundle--2b510790-c6a4-44f4-9398-9c394da07206",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json b/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json
index 38059328af..4e302ec0b4 100644
--- a/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json
+++ b/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--23bb7e29-6195-4a9c-a0ae-6b545580e7d1",
+ "id": "bundle--c443ae79-2577-4e47-8d90-5f804cec83a3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json b/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json
index 440a6568a8..50d9852d8a 100644
--- a/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json
+++ b/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b9c77e06-5583-414d-bfa5-fafe5349bbfa",
+ "id": "bundle--d6f31356-b9f3-43a5-8fcf-a4123b0eb40e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json b/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json
index 96bf1c275b..b5eace2cf7 100644
--- a/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json
+++ b/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json
@@ -1,31 +1,34 @@
 {
 "type": "bundle",
- "id": "bundle--6b56c8b4-56f2-49b1-a3a0-64b30497471f",
+ "id": "bundle--66a36905-958c-4e1f-8aad-ddbc2b376f52",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2022-10-24T15:09:07.609Z",
+ "name": "SpyDealer",
+ "description": "[SpyDealer](https://attack.mitre.org/software/S0324) is Android malware that exfiltrates sensitive data from Android devices. (Citation: PaloAlto-SpyDealer)",
 "labels": [
 "malware"
 ],
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_platforms": [
 "Android"
 ],
 "x_mitre_domains": [
 "mobile-attack"
 ],
+ "x_mitre_version": "1.2",
+ "x_mitre_attack_spec_version": "2.1.0",
 "x_mitre_aliases": [
 "SpyDealer"
 ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
 "type": "malware",
+ "id": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
 "created": "2018-10-17T00:14:20.652Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "mitre-mobile-attack",
+ "source_name": "mitre-attack",
 "url": "https://attack.mitre.org/software/S0324",
 "external_id": "S0324"
 },
@@ -39,12 +42,9 @@
 "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/"
 }
 ],
- "modified": "2019-10-15T19:37:21.120Z",
- "name": "SpyDealer",
- "description": "[SpyDealer](https://attack.mitre.org/software/S0324) is Android malware that exfiltrates sensitive data from Android devices. (Citation: PaloAlto-SpyDealer)",
- "x_mitre_version": "1.2",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json b/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json
index c21060e369..884225113a 100644
--- a/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json
+++ b/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--256a3419-8971-48f2-8a7f-451977213437",
+ "id": "bundle--e7929b8d-e01d-4fe1-bf4f-3fe270c16c38",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json b/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json
index 4edac3c0bc..528b54c622 100644
--- a/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json
+++ b/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json
@@ -1,25 +1,28 @@
 {
 "type": "bundle",
- "id": "bundle--738b0854-9ef5-47ba-95bd-858e1835c341",
+ "id": "bundle--55463092-c32c-40db-814a-c9d50fa4a0b9",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2022-10-24T15:09:07.609Z",
+ "name": "RuMMS",
+ "description": "[RuMMS](https://attack.mitre.org/software/S0313) is an Android malware family. (Citation: FireEye-RuMMS)",
 "labels": [
 "malware"
 ],
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_domains": [
 "mobile-attack"
 ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0",
 "type": "malware",
+ "id": "malware--936be60d-90eb-4c36-9247-4b31128432c4",
 "created": "2017-10-25T14:48:48.917Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "mitre-mobile-attack",
+ "source_name": "mitre-attack",
 "url": "https://attack.mitre.org/software/S0313",
 "external_id": "S0313"
 },
@@ -33,12 +36,9 @@
 "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html"
 }
 ],
- "modified": "2018-12-11T20:40:31.461Z",
- "name": "RuMMS",
- "description": "[RuMMS](https://attack.mitre.org/software/S0313) is an Android malware family. (Citation: FireEye-RuMMS)",
- "x_mitre_version": "1.0",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json b/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json
index a8fd965015..6170695f16 100644
--- a/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json
+++ b/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json
@@ -1,32 +1,35 @@
 {
 "type": "bundle",
- "id": "bundle--7f39d38a-2763-433d-921c-a21beab997f0",
+ "id": "bundle--ec9981d7-e2fe-473b-a0f9-80db159caf92",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2022-10-24T15:09:07.609Z",
+ "name": "Pegasus for Android",
+ "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) is the Android version of malware that has reportedly been linked to the NSO Group. (Citation: Lookout-PegasusAndroid) (Citation: Google-Chrysaor) The iOS version is tracked separately under [Pegasus for iOS](https://attack.mitre.org/software/S0289).",
 "labels": [
 "malware"
 ],
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_platforms": [
 "Android"
 ],
 "x_mitre_domains": [
 "mobile-attack"
 ],
+ "x_mitre_version": "1.2",
+ "x_mitre_attack_spec_version": "2.1.0",
 "x_mitre_aliases": [
 "Pegasus for Android",
 "Chrysaor"
 ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
 "type": "malware",
+ "id": "malware--93799a9d-3537-43d8-b6f4-17215de1657c",
 "created": "2017-10-25T14:48:41.202Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "mitre-mobile-attack",
+ "source_name": "mitre-attack",
 "url": "https://attack.mitre.org/software/S0316",
 "external_id": "S0316"
 },
@@ -49,12 +52,9 @@ "url": "https://android-developers.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html" } ], - "modified": "2019-08-09T17:52:31.636Z", - "name": "Pegasus for Android", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) is the Android version of malware that has reportedly been linked to the NSO Group. (Citation: Lookout-PegasusAndroid) (Citation: Google-Chrysaor) The iOS version is tracked separately under [Pegasus for iOS](https://attack.mitre.org/software/S0289).", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json b/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json index b20a8c28d9..54b3a5f667 100644 --- a/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json +++ b/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1211a9e0-5c0e-4d0e-8b7d-a54e8103eb56", + "id": "bundle--f056e4a8-a7c2-40e6-9fab-eb8a7d262b0e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json b/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json index 47d4422935..884b45acf2 100644 --- a/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json +++ b/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--665a2d6b-fa8e-4731-a63f-1e3a87b80460", + "id": "bundle--ce85ee09-ab72-4fb6-ab83-01d2552f8389", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json b/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json index e71cb63fe3..9f1af158b0 100644 --- a/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json +++ b/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json @@ -1,31 +1,34 @@ { "type": "bundle", - "id": "bundle--54d84d84-98d6-4d1f-acce-af34d152a386", + "id": "bundle--b5a50bfd-cafb-443f-bf4c-be163c774723", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "RedDrop", + "description": "[RedDrop](https://attack.mitre.org/software/S0326) is an Android malware family that exfiltrates sensitive data from devices. (Citation: Wandera-RedDrop)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "RedDrop" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", "type": "malware", + "id": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0326", "external_id": "S0326" }, 
@@ -39,12 +42,9 @@ "url": "https://www.wandera.com/reddrop-malware/" } ], - "modified": "2019-10-15T19:56:13.028Z", - "name": "RedDrop", - "description": "[RedDrop](https://attack.mitre.org/software/S0326) is an Android malware family that exfiltrates sensitive data from devices. (Citation: Wandera-RedDrop)", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json b/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json index c0257dca91..db8a7c472f 100644 --- a/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json +++ b/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--946e55bd-d638-4641-a243-8327b63aaabe", + "id": "bundle--1ab3e4f1-723a-4ed9-be51-83b7fe2db46f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json b/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json index 86c267921f..3ed1d196ba 100644 --- a/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json +++ b/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json 
@@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--61fa7490-6d18-4417-99d5-c6711d120758", + "id": "bundle--e3ed7c8e-0dc6-4489-a3ee-051cfed0f442", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "YiSpecter", + "description": "[YiSpecter](https://attack.mitre.org/software/S0311) iOS malware that affects both jailbroken and non-jailbroken iOS devices. It is also unique because it abuses private APIs in the iOS system to implement functionality. (Citation: PaloAlto-YiSpecter)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", "created": "2017-10-25T14:48:48.301Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0311", "external_id": "S0311" }, 
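Review bot: The `description` re-added in this hunk is missing its verb; it should begin `[YiSpecter](https://attack.mitre.org/software/S0311) is iOS malware that affects both jailbroken and non-jailbroken iOS devices.` The Charger hunk further down carries a similar slip, `steals steals contacts and SMS messages`, which should read `steals contacts and SMS messages`. The OBAD description also omits the `[OBAD](https://attack.mitre.org/software/S0286)` self-link that the sibling objects use. The commit already rewrites these lines and bumps `modified`, so the text can be corrected in the same pass, before whatever presumably renders these strings picks them up again.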
@@ -33,12 +36,9 @@ "url": "https://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "YiSpecter", - "description": "[YiSpecter](https://attack.mitre.org/software/S0311) iOS malware that affects both jailbroken and non-jailbroken iOS devices. It is also unique because it abuses private APIs in the iOS system to implement functionality. (Citation: PaloAlto-YiSpecter)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json b/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json index 66325c849f..e37b330d11 100644 --- a/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json +++ b/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json 
@@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--6bce6c70-ddb3-4879-943a-d1df7f546e92", + "id": "bundle--4474ae26-6c13-4e53-b0d8-09b5ee38c4a5", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Trojan-SMS.AndroidOS.Agent.ao", + "description": "[Trojan-SMS.AndroidOS.Agent.ao](https://attack.mitre.org/software/S0307) is Android malware. (Citation: Kaspersky-MobileMalware)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17", "created": "2017-10-25T14:48:46.411Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0307", "external_id": "S0307" }, @@ -33,12 +36,9 @@ "url": "https://securelist.com/mobile-malware-evolution-2013/58335/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "Trojan-SMS.AndroidOS.Agent.ao", - "description": "[Trojan-SMS.AndroidOS.Agent.ao](https://attack.mitre.org/software/S0307) is Android malware. (Citation: Kaspersky-MobileMalware)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json b/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json index b215d4dd4a..6cefee753f 100644 
--- a/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json +++ b/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0faa97b5-a526-4b56-aa58-00f4a0c109db", + "id": "bundle--d755ba10-f082-400c-9bc5-9f2c2509ce68", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json b/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json index b0c3e4fae1..c03c9c6a9a 100644 --- a/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json +++ b/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json @@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--f0b0ff4e-db5f-466b-9cbb-9099f33cd5da", + "id": "bundle--2c942c67-6119-4276-92e2-e9b3748cdada", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "AndroRAT", + "description": "[AndroRAT](https://attack.mitre.org/software/S0292) is malware that allows a third party to control the device and collect information. (Citation: Lookout-EnterpriseApps)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", "created": "2017-10-25T14:48:47.363Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0292", "external_id": "S0292" }, 
@@ -33,12 +36,9 @@ "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "AndroRAT", - "description": "[AndroRAT](https://attack.mitre.org/software/S0292) is malware that allows a third party to control the device and collect information. (Citation: Lookout-EnterpriseApps)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json b/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json index 8f86f15263..5b0d00578e 100644 --- a/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json +++ b/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e87377e1-f67d-406e-8bce-274d0b8640fb", + "id": "bundle--3958f2c0-0176-4056-8b74-38d95ad7dece", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json b/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json index a5a9c4328f..2c239d927e 100644 --- a/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json +++ b/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--db9f3974-263b-49f8-bb67-2792400f486a", + "id": "bundle--70fdf1f5-2415-4a55-9f2c-2567f46bd9d8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json b/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json index bed0a1888f..647cd0ac3f 100644 --- a/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json 
+++ b/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a64db31d-3a97-43da-b082-9c98743e6407", + "id": "bundle--f9bfd122-c4d7-4a59-ab45-5585f5cb4174", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json b/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json index 0a4d5045d1..06aee84b69 100644 --- a/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json +++ b/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6158d683-8477-4768-98b6-1b37004915d5", + "id": "bundle--b6f99f0e-c5ae-482c-a27e-e120a40585af", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json b/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json index 9666e915f2..af26164625 100644 --- a/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json +++ b/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--eccea8a0-0ae0-4325-8523-6a14606b745f", + "id": "bundle--445dc459-1c31-42a6-ba69-af33f9a91bd6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json b/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json index 5abc7f82bb..c3f41f11b3 100644 --- a/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json +++ b/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--24e00fba-ae8e-4b9e-b203-42a084efac3d", + "id": "bundle--61c142a3-cf58-4ecf-9a30-d02e6f347666", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json b/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json index d756f5ca7f..a2c7e28739 100644 --- a/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json +++ b/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e8700e61-9674-4019-9884-83d0513cadb3", + "id": "bundle--5fd65659-510e-4b71-a888-fc7959bc0dd4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json b/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json index e21df1dbb4..2c31c798d1 100644 --- a/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json +++ b/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a1cafd6c-1547-4150-9ee8-520ba7b324d3", + "id": "bundle--f9f2b992-b6fd-4b8b-adae-3666d18c9a9b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json b/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json index 09601d1d41..dc22651d43 100644 --- a/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json +++ b/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--05c912f4-69e1-4f2a-900e-3aaf31e5b872", + "id": "bundle--073c6716-f1b1-4258-8b45-9c17e7cd0a8f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json b/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json index 6444b13498..a1557864b1 100644 --- a/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json +++ b/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--67a51318-1982-40a9-8e87-73fbc5befc50", + "id": "bundle--12aa9c0e-c59e-4b91-ad21-df390ffb7c67", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json b/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json index 026e528bcf..b9a3bb7d36 100644 --- a/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json +++ b/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5e658400-cfcf-4c74-ab88-b1b9ae6914fa", + "id": "bundle--d84cb540-85cc-480d-91ba-4322a0364128", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json b/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json index 22b0093ed9..7c17e8c833 100644 --- a/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json +++ b/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json 
@@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--6585253a-2147-4961-8afc-a26e15769ece", + "id": "bundle--bc81e94f-38fe-4618-b252-235adedaf706", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "PJApps", + "description": "[PJApps](https://attack.mitre.org/software/S0291) is an Android malware family. (Citation: Lookout-EnterpriseApps)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--c709da93-20c3-4d17-ab68-48cba76b2137", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--c709da93-20c3-4d17-ab68-48cba76b2137", "created": "2017-10-25T14:48:43.527Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0291", "external_id": "S0291" }, @@ -33,12 +36,9 @@ "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "PJApps", - "description": "[PJApps](https://attack.mitre.org/software/S0291) is an Android malware family. (Citation: Lookout-EnterpriseApps)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json b/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json index a307fd87f1..3e8d5ac1b0 100644 --- a/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json 
+++ b/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json @@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--dc89420d-509e-498a-82c4-eacd1224591d", + "id": "bundle--b167043b-754b-46e6-8354-988c93245365", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "ShiftyBug", + "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is an auto-rooting adware family of malware for Android. The family is very similar to the other Android families known as Shedun, Shuanet, Kemoge, though it is not believed all the families were created by the same group. (Citation: Lookout-Adware)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--c80a6bef-b3ce-44d0-b113-946e93124898", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--c80a6bef-b3ce-44d0-b113-946e93124898", "created": "2017-10-25T14:48:38.690Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0294", "external_id": "S0294" }, 
@@ -33,12 +36,9 @@ "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "ShiftyBug", - "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is an auto-rooting adware family of malware for Android. The family is very similar to the other Android families known as Shedun, Shuanet, Kemoge, though it is not believed all the families were created by the same group. (Citation: Lookout-Adware)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json b/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json index e7c5ee3b0a..0f1fe0b16e 100644 --- a/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json +++ b/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json 
@@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--f48e5f5b-0dcc-4d7d-8a98-4bb8517f4359", + "id": "bundle--925a87e8-d984-426b-93f3-e37b9ee0671e", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "HummingBad", + "description": "[HummingBad](https://attack.mitre.org/software/S0322) is a family of Android malware that generates fraudulent advertising revenue and has the ability to obtain root access on older, vulnerable versions of Android. (Citation: ArsTechnica-HummingBad)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--c8770c81-c29f-40d2-a140-38544206b2b4", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--c8770c81-c29f-40d2-a140-38544206b2b4", "created": "2017-10-25T14:48:42.948Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0322", "external_id": "S0322" }, 
@@ -33,12 +36,9 @@ "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "HummingBad", - "description": "[HummingBad](https://attack.mitre.org/software/S0322) is a family of Android malware that generates fraudulent advertising revenue and has the ability to obtain root access on older, vulnerable versions of Android. (Citation: ArsTechnica-HummingBad)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json b/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json index a979f17beb..038a636ffc 100644 --- a/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json +++ b/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--32c2cfe5-1c38-45a2-a5f9-2fa95a3db983", + "id": "bundle--4c744cca-cfb1-474a-89da-48894b5ae519", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json b/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json index 795ac38958..d63f1dc0a1 100644 --- a/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json +++ b/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json 
@@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--4ab4e6fc-3968-48a9-94f8-bada14b1eb01", + "id": "bundle--31d6c3e4-55fa-4b05-8748-4190cd6bc426", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "OBAD", + "description": "OBAD is an Android malware family. (Citation: TrendMicro-Obad)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde", "created": "2017-10-25T14:48:44.540Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0286", "external_id": "S0286" }, @@ -33,12 +36,9 @@ "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "OBAD", - "description": "OBAD is an Android malware family. (Citation: TrendMicro-Obad)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json b/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json index c1f3be0600..ff303f2aa2 100644 --- a/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json +++ b/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json 
@@ -1,31 +1,34 @@ { "type": "bundle", - "id": "bundle--910ccbee-c02e-439b-b59a-b9e9a181f594", + "id": "bundle--aa72b7d8-0b61-459e-bada-1ad6e0551539", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Android/Chuli.A", + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) is Android malware that was delivered to activist groups via a spearphishing email with an attachment. (Citation: Kaspersky-WUC)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Android/Chuli.A" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", "type": "malware", + "id": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", "created": "2017-10-25T14:48:45.482Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0304", "external_id": "S0304" }, @@ -39,12 +42,9 @@ "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" } ], - "modified": "2019-10-15T20:31:25.864Z", - "name": "Android/Chuli.A", - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) is Android malware that was delivered to activist groups via a spearphishing email with an attachment. (Citation: Kaspersky-WUC)", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file 
diff --git a/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json b/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json index 4d53102c53..689b7f17e6 100644 --- a/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json +++ b/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json @@ -1,31 +1,34 @@ { "type": "bundle", - "id": "bundle--000962e0-5ff2-4123-b620-f559cc65b004", + "id": "bundle--1685d851-5eae-4680-93b8-0966e950cea6", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Charger", + "description": "[Charger](https://attack.mitre.org/software/S0323) is Android malware that steals steals contacts and SMS messages from the user's device. It can also lock the device and demand ransom payment if it receives admin permissions. (Citation: CheckPoint-Charger)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.1", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Charger" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--d1c600f8-0fb6-4367-921b-85b71947d950", "type": "malware", + "id": "malware--d1c600f8-0fb6-4367-921b-85b71947d950", "created": "2017-10-25T14:48:39.631Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0323", "external_id": "S0323" }, 
@@ -34,17 +37,14 @@ "description": "(Citation: CheckPoint-Charger)" }, { - "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/", + "source_name": "CheckPoint-Charger", "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.", - "source_name": "CheckPoint-Charger" + "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/" } ], - "modified": "2019-10-09T14:51:42.697Z", - "name": "Charger", - "description": "[Charger](https://attack.mitre.org/software/S0323) is Android malware that steals steals contacts and SMS messages from the user's device. It can also lock the device and demand ransom payment if it receives admin permissions. (Citation: CheckPoint-Charger)", - "x_mitre_version": "1.1", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json b/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json index 3c6bbe672f..f3e3a20842 100644 --- a/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json +++ b/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json 
@@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--29797cde-9d4a-4a2c-bb37-521cf4685ef9", + "id": "bundle--87179643-520e-473e-b1a5-518bc3e9a278", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Trojan-SMS.AndroidOS.OpFake.a", + "description": "[Trojan-SMS.AndroidOS.OpFake.a](https://attack.mitre.org/software/S0308) is Android malware. (Citation: Kaspersky-MobileMalware)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--d89c132d-7752-4c7f-9372-954a71522985", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--d89c132d-7752-4c7f-9372-954a71522985", "created": "2017-10-25T14:48:46.734Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0308", "external_id": "S0308" }, @@ -33,12 +36,9 @@ "url": "https://securelist.com/mobile-malware-evolution-2013/58335/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "Trojan-SMS.AndroidOS.OpFake.a", - "description": "[Trojan-SMS.AndroidOS.OpFake.a](https://attack.mitre.org/software/S0308) is Android malware. (Citation: Kaspersky-MobileMalware)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json b/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json index c245b27065..90898088f6 100644 
--- a/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json +++ b/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json @@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--c8c91ae4-2cc7-4fee-8ba3-712f47f366af", + "id": "bundle--8cd045ca-1a0e-4c98-9f8b-8b91fa4bf878", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "XcodeGhost", + "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) is iOS malware that infected at least 39 iOS apps in 2015 and potentially affected millions of users. (Citation: PaloAlto-XcodeGhost1) (Citation: PaloAlto-XcodeGhost)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9", "created": "2017-10-25T14:48:42.661Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0297", "external_id": "S0297" }, 
@@ -38,12 +41,9 @@ "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "XcodeGhost", - "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) is iOS malware that infected at least 39 iOS apps in 2015 and potentially affected millions of users. (Citation: PaloAlto-XcodeGhost1) (Citation: PaloAlto-XcodeGhost)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json b/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json index 8574b3a223..9490aa05aa 100644 --- a/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json +++ b/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--35f3d634-ff1a-41b7-9594-77c823b30f05", + "id": "bundle--b19f72cb-95e7-46b3-b6b2-362e093d934c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json b/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json index bdd3fda3e7..526a1c1231 100644 --- a/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json +++ b/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--836b2a9a-6b24-40ac-9f95-5a11b83c5771", + "id": "bundle--84ac5d19-646b-42b1-8c52-3646deacbcc5", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json b/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json index c0e15a41bd..cbc3eac0b5 100644 --- a/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json +++ b/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--55fc5247-cc60-4c11-9385-1a722b60797d", + "id": "bundle--3048c613-7cd3-47b7-b98e-cf99996cb33d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json b/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json index 5c4490680a..55dc6b370d 100644 --- a/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json +++ b/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fc5cd015-b8a4-4aa6-afd7-29ba92fa4015", + "id": "bundle--0c1778b2-99d3-416c-80fa-c1991ba44ed1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json b/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json index 1e10d03966..31af203df8 100644 --- a/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json +++ b/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0c3f152a-d28f-4339-b768-88b2c9581ba4", + "id": "bundle--1076a9a6-356a-48c3-83d2-685e9aaf5a14", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json b/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json index cc830686b0..894aa7016d 100644 --- a/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json +++ b/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d456b8c9-51a9-4fa5-ac62-e38fab211f41", + "id": "bundle--b82cfcc2-cb25-4a7b-bf0c-dbe38471d7e5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json b/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json index 6918c457a1..81896555bc 100644 --- a/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json +++ b/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--47036aa4-e025-4c73-87c4-53a86a31f8c7", + "id": "bundle--369f2f06-7af0-408c-bec9-1b9e4e1bdb77", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json b/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json index a95a7f3552..ed5bba4e22 100644 --- a/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json +++ b/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4673b00e-e98b-4729-b86c-410ad08e588d", + "id": "bundle--8b53f4c6-92ef-4180-a39d-9524194f960b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json b/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json index c6dbb1be51..b43c0bb0e4 100644 --- a/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json +++ b/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json 
@@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--1d005ae4-2095-4fd0-84d7-d6ee1c3347a7", + "id": "bundle--57bae0ab-2831-4c46-81be-d8e3e5aeadf6", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Adups", + "description": "[Adups](https://attack.mitre.org/software/S0309) is software that was pre-installed onto Android devices, including those made by BLU Products. The software was reportedly designed to help a Chinese phone manufacturer monitor user behavior, transferring sensitive data to a Chinese server. (Citation: NYTimes-BackDoor) (Citation: BankInfoSecurity-BackDoor)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", "created": "2017-10-25T14:48:47.038Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0309", "external_id": "S0309" }, 
@@ -38,12 +41,9 @@ "url": "http://www.bankinfosecurity.com/did-chinese-spyware-linger-in-us-phones-a-9534" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "Adups", - "description": "[Adups](https://attack.mitre.org/software/S0309) is software that was pre-installed onto Android devices, including those made by BLU Products. The software was reportedly designed to help a Chinese phone manufacturer monitor user behavior, transferring sensitive data to a Chinese server. (Citation: NYTimes-BackDoor) (Citation: BankInfoSecurity-BackDoor)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json b/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json index 185470b238..d8d0d11bd2 100644 --- a/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json +++ b/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b9edfe8b-58f6-4585-adfb-b1219e204b1f", + "id": "bundle--cbbba500-3e42-4e59-a36b-ea8f34e00b97", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json b/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json index 6a8d71b90d..b0d17c6e77 100644 --- a/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json +++ b/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--968d362d-19a6-4db6-a6b6-1eb522d5173d", + "id": "bundle--8788e3d4-702f-491d-bc6f-81af3a6afcf8", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json b/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json index 77f3aa60d1..a6bf9fb2b3 100644 --- a/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json +++ b/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json @@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--090ab4ff-c369-4c0e-bba4-d87b4c68b662", + "id": "bundle--a11214fa-d1d4-47f3-856e-f838f53e4714", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Marcher", + "description": "[Marcher](https://attack.mitre.org/software/S0317) is Android malware that is used for financial fraud. (Citation: Proofpoint-Marcher)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--f9854ba6-989d-43bf-828b-7240b8a65291", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--f9854ba6-989d-43bf-828b-7240b8a65291", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0317", "external_id": "S0317" }, 
@@ -29,12 +32,9 @@ "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "Marcher", - "description": "[Marcher](https://attack.mitre.org/software/S0317) is Android malware that is used for financial fraud. (Citation: Proofpoint-Marcher)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json b/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json index 594e5a9385..d4e3bc2798 100644 --- a/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json +++ b/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json 
@@ -1,25 +1,28 @@ { "type": "bundle", - "id": "bundle--f6ae595a-72a1-4e61-8e53-44648484f7f5", + "id": "bundle--bd933faa-a64b-4894-9384-f2fb8a6be47a", "spec_version": "2.0", "objects": [ { + "modified": "2022-10-24T15:09:07.609Z", + "name": "DressCode", + "description": "[DressCode](https://attack.mitre.org/software/S0300) is an Android malware family. (Citation: TrendMicro-DressCode)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca", "created": "2017-10-25T14:48:37.856Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0300", "external_id": "S0300" }, @@ -33,12 +36,9 @@ "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "DressCode", - "description": "[DressCode](https://attack.mitre.org/software/S0300) is an Android malware family. (Citation: TrendMicro-DressCode)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] } ] } \ No newline at end of file diff --git a/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json b/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json index b11575d57a..1207391a05 100644 --- a/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json 
+++ b/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8c48df2d-3146-4fba-b22c-6b88bea87593", + "id": "bundle--de34d744-929b-4a1b-98e1-d51189d3d29f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json b/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json index 05177d2f8d..d4b5cf7d70 100644 --- a/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json +++ b/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7b35369a-f76f-4a99-a904-3966b1181f0c", + "id": "bundle--87ddbd64-0ab5-4fcf-a556-80f061546a23", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/mobile-attack.json b/mobile-attack/mobile-attack.json index 788760d7f4..a5bb83e31c 100644 --- a/mobile-attack/mobile-attack.json +++ b/mobile-attack/mobile-attack.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--adac1215-a6be-4f71-84ad-8d467e1dc412", + "id": "bundle--e49ea380-0819-4345-af49-05a84cc47a20", "objects": [ { "tactic_refs": [ 
@@ -574,28 +574,31 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Stealth Mango", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) is Android malware that has reportedly been used to successfully compromise the mobile devices of government officials, members of the military, medical professionals, and civilians. The iOS malware known as [Tangelo](https://attack.mitre.org/software/S0329) is believed to be from the same developer. (Citation: Lookout-StealthMango)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.3", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Stealth Mango" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", "type": "malware", + "id": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0328", "external_id": "S0328" }, 
@@ -604,35 +607,35 @@ "description": "(Citation: Lookout-StealthMango)" }, { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "source_name": "Lookout-StealthMango", "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" } ], - "modified": "2020-09-11T15:55:43.283Z", - "name": "Stealth Mango", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) is Android malware that has reportedly been used to successfully compromise the mobile devices of government officials, members of the military, medical professionals, and civilians. The iOS malware known as [Tangelo](https://attack.mitre.org/software/S0329) is believed to be from the same developer. (Citation: Lookout-StealthMango)", - "x_mitre_version": "1.3", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "labels": [ - "malware" - ], - "x_mitre_domains": [ - "mobile-attack" - ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] + }, + { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Allwinner", + "description": "[Allwinner](https://attack.mitre.org/software/S0319) is a company that supplies processors used in Android tablets and other devices. A Linux kernel distributed by [Allwinner](https://attack.mitre.org/software/S0319) for use on these devices reportedly contained a backdoor. 
(Citation: HackerNews-Allwinner)", + "labels": [ + "malware" ], - "id": "malware--08784a9d-09e9-4dce-a839-9612398214e8", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--08784a9d-09e9-4dce-a839-9612398214e8", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0319", "external_id": "S0319" }, @@ -646,12 +649,9 @@ "url": "https://thehackernews.com/2016/05/android-kernal-exploit.html" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "Allwinner", - "description": "[Allwinner](https://attack.mitre.org/software/S0319) is a company that supplies processors used in Android tablets and other devices. A Linux kernel distributed by [Allwinner](https://attack.mitre.org/software/S0319) for use on these devices reportedly contained a backdoor. (Citation: HackerNews-Allwinner)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ 
@@ -739,22 +739,25 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Judy", + "description": "[Judy](https://attack.mitre.org/software/S0325) is auto-clicking adware that was distributed through multiple apps in the Google Play Store. (Citation: CheckPoint-Judy)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--172444ab-97fc-4d94-b142-179452bfb760", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--172444ab-97fc-4d94-b142-179452bfb760", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0325", "external_id": "S0325" }, 
@@ -768,30 +771,30 @@ "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "Judy", - "description": "[Judy](https://attack.mitre.org/software/S0325) is auto-clicking adware that was distributed through multiple apps in the Google Play Store. (Citation: CheckPoint-Judy)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "OldBoot", + "description": "[OldBoot](https://attack.mitre.org/software/S0285) is an Android malware family. (Citation: HackerNews-OldBoot)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--2074b2ad-612e-4758-adce-7901c1b49bbc", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--2074b2ad-612e-4758-adce-7901c1b49bbc", "created": "2017-10-25T14:48:45.155Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0285", "external_id": "S0285" }, 
@@ -805,37 +808,37 @@ "url": "http://thehackernews.com/2014/01/first-widely-distributed-android.html" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "OldBoot", - "description": "[OldBoot](https://attack.mitre.org/software/S0285) is an Android malware family. (Citation: HackerNews-OldBoot)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Gooligan", + "description": "[Gooligan](https://attack.mitre.org/software/S0290) is a malware family that runs privilege escalation exploits on Android devices and then uses its escalated privileges to steal authentication tokens that can be used to access data from many Google applications. [Gooligan](https://attack.mitre.org/software/S0290) has been described as part of the Ghost Push Android malware family. (Citation: Gooligan Citation) (Citation: Ludwig-GhostPush) (Citation: Lookout-Gooligan)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Gooligan", "Ghost Push" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--20d56cd6-8dff-4871-9889-d32d254816de", "type": "malware", + "id": "malware--20d56cd6-8dff-4871-9889-d32d254816de", "created": "2017-10-25T14:48:43.242Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0290", "external_id": "S0290" }, 
@@ -848,51 +851,51 @@ "description": "Gooligan has been described as being part of the Ghost Push Android malware family. (Citation: Ludwig-GhostPush) (Citation: Lookout-Gooligan)" }, { - "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/", + "source_name": "Gooligan Citation", "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016.", - "source_name": "Gooligan Citation" + "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/" }, { - "url": "https://plus.google.com/+AdrianLudwig/posts/GXzJ8vaAFsi", + "source_name": "Ludwig-GhostPush", "description": "Adrian Ludwig. (2016, November 29). The fight against Ghost Push continues. Retrieved December 12, 2016.", - "source_name": "Ludwig-GhostPush" + "url": "https://plus.google.com/+AdrianLudwig/posts/GXzJ8vaAFsi" }, { - "url": "https://blog.lookout.com/blog/2016/12/01/ghost-push-gooligan/", + "source_name": "Lookout-Gooligan", "description": "Lookout. (2016, December 1). Ghost Push and Gooligan: One and the same. Retrieved December 12, 2016.", - "source_name": "Lookout-Gooligan" + "url": "https://blog.lookout.com/blog/2016/12/01/ghost-push-gooligan/" } ], - "modified": "2019-10-10T15:18:50.693Z", - "name": "Gooligan", - "description": "[Gooligan](https://attack.mitre.org/software/S0290) is a malware family that runs privilege escalation exploits on Android devices and then uses its escalated privileges to steal authentication tokens that can be used to access data from many Google applications. [Gooligan](https://attack.mitre.org/software/S0290) has been described as part of the Ghost Push Android malware family. 
(Citation: Gooligan Citation) (Citation: Ludwig-GhostPush) (Citation: Lookout-Gooligan)", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "SpyNote RAT", + "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) (Remote Access Trojan) is a family of malicious Android apps. The [SpyNote RAT](https://attack.mitre.org/software/S0305) builder tool can be used to develop malicious apps with the malware's functionality. (Citation: Zscaler-SpyNote)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "SpyNote RAT" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", "type": "malware", + "id": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", "created": "2017-10-25T14:48:45.794Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0305", "external_id": "S0305" }, 
@@ -901,17 +904,14 @@ "description": "(Citation: Zscaler-SpyNote)" }, { - "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app", + "source_name": "Zscaler-SpyNote", "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.", - "source_name": "Zscaler-SpyNote" + "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" } ], - "modified": "2019-10-10T15:24:08.969Z", - "name": "SpyNote RAT", - "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) (Remote Access Trojan) is a family of malicious Android apps. The [SpyNote RAT](https://attack.mitre.org/software/S0305) builder tool can be used to develop malicious apps with the malware's functionality. (Citation: Zscaler-SpyNote)", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ 
@@ -1075,22 +1075,25 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "NotCompatible", + "description": "[NotCompatible](https://attack.mitre.org/software/S0299) is an Android malware family that was used between at least 2014 and 2016. It has multiple variants that have become more sophisticated over time. (Citation: Lookout-NotCompatible)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe", "created": "2017-10-25T14:48:36.707Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0299", "external_id": "S0299" }, 
@@ -1104,36 +1107,36 @@ "url": "https://blog.lookout.com/blog/2014/11/19/notcompatible/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "NotCompatible", - "description": "[NotCompatible](https://attack.mitre.org/software/S0299) is an Android malware family that was used between at least 2014 and 2016. It has multiple variants that have become more sophisticated over time. (Citation: Lookout-NotCompatible)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "XLoader for Android", + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) is a malicious Android app first observed targeting Japan, Korea, China, Taiwan, and Hong Kong in 2018. It has more recently been observed targeting South Korean users as a pornography application.(Citation: TrendMicro-XLoader-FakeSpy)(Citation: TrendMicro-XLoader) It is tracked separately from the [XLoader for iOS](https://attack.mitre.org/software/S0490).", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "2.0", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "XLoader for Android" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", "type": "malware", + "id": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0318", "external_id": "S0318" }, 
@@ -1143,8 +1146,8 @@ }, { "source_name": "TrendMicro-XLoader-FakeSpy", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", - "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." + "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/" }, { "source_name": "TrendMicro-XLoader", 
@@ -1152,30 +1155,30 @@ "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/" } ], - "modified": "2020-10-16T01:46:53.625Z", - "name": "XLoader for Android", - "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) is a malicious Android app first observed targeting Japan, Korea, China, Taiwan, and Hong Kong in 2018. It has more recently been observed targeting South Korean users as a pornography application.(Citation: TrendMicro-XLoader-FakeSpy)(Citation: TrendMicro-XLoader) It is tracked separately from the [XLoader for iOS](https://attack.mitre.org/software/S0490).", - "x_mitre_version": "2.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Trojan-SMS.AndroidOS.FakeInst.a", + "description": "[Trojan-SMS.AndroidOS.FakeInst.a](https://attack.mitre.org/software/S0306) is Android malware. (Citation: Kaspersky-MobileMalware)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--28e39395-91e7-4f02-b694-5e079c964da9", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--28e39395-91e7-4f02-b694-5e079c964da9", "created": "2017-10-25T14:48:46.107Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0306", "external_id": "S0306" }, 
@@ -1189,12 +1192,9 @@ "url": "https://securelist.com/mobile-malware-evolution-2013/58335/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "Trojan-SMS.AndroidOS.FakeInst.a", - "description": "[Trojan-SMS.AndroidOS.FakeInst.a](https://attack.mitre.org/software/S0306) is Android malware. (Citation: Kaspersky-MobileMalware)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ @@ -1285,28 +1285,31 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Dendroid", + "description": "[Dendroid](https://attack.mitre.org/software/S0301) is an Android remote access tool (RAT) primarily targeting Western countries. The RAT was available for purchase for $300 and came bundled with a utility to inject the RAT into legitimate applications.(Citation: Lookout-Dendroid)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "2.0", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Dendroid" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", "type": "malware", + "id": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", "created": "2017-10-25T14:48:37.438Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0301", "external_id": "S0301" }, 
@@ -1320,30 +1323,30 @@ "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" } ], - "modified": "2020-09-29T13:24:14.934Z", - "name": "Dendroid", - "description": "[Dendroid](https://attack.mitre.org/software/S0301) is an Android remote access tool (RAT) primarily targeting Western countries. The RAT was available for purchase for $300 and came bundled with a utility to inject the RAT into legitimate applications.(Citation: Lookout-Dendroid)", - "x_mitre_version": "2.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "WireLurker", + "description": "[WireLurker](https://attack.mitre.org/software/S0312) is a family of macOS malware that targets iOS devices connected over USB. (Citation: PaloAlto-WireLurker)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb", "created": "2017-10-25T14:48:37.020Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0312", "external_id": "S0312" }, 
@@ -1358,12 +1361,9 @@ "url": "https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "WireLurker", - "description": "[WireLurker](https://attack.mitre.org/software/S0312) is a family of macOS malware that targets iOS devices connected over USB. (Citation: PaloAlto-WireLurker)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ 
@@ -1405,76 +1405,79 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Pegasus for iOS", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) is the iOS version of malware that has reportedly been linked to the NSO Group. It has been advertised and sold to target high-value victims. (Citation: Lookout-Pegasus) (Citation: PegasusCitizenLab) The Android version is tracked separately under [Pegasus for Android](https://attack.mitre.org/software/S0316).", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "iOS" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.1", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Pegasus for iOS" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", "type": "malware", + "id": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", "created": "2017-10-25T14:48:44.238Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "external_id": "S0289", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0289", - "source_name": "mitre-mobile-attack" + "external_id": "S0289" }, { - "description": "(Citation: Lookout-Pegasus) (Citation: PegasusCitizenLab)", - "source_name": "Pegasus for iOS" + "source_name": "Pegasus for iOS", + "description": "(Citation: Lookout-Pegasus) (Citation: PegasusCitizenLab)" }, { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", + "source_name": "Lookout-Pegasus", "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016.", - "source_name": "Lookout-Pegasus" + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" }, { - "url": "https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/", + "source_name": "PegasusCitizenLab", "description": "Bill Marczak and John Scott-Railton. (2016, August 24). The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender. Retrieved December 12, 2016.", - "source_name": "PegasusCitizenLab" + "url": "https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/" } ], - "modified": "2020-01-24T13:55:33.492Z", - "name": "Pegasus for iOS", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) is the iOS version of malware that has reportedly been linked to the NSO Group. It has been advertised and sold to target high-value victims. (Citation: Lookout-Pegasus) (Citation: PegasusCitizenLab) The Android version is tracked separately under [Pegasus for Android](https://attack.mitre.org/software/S0316).", - "x_mitre_version": "1.1", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Tangelo", + "description": "[Tangelo](https://attack.mitre.org/software/S0329) is iOS malware that is believed to be from the same developers as the [Stealth Mango](https://attack.mitre.org/software/S0328) Android malware. It is not a mobile application, but rather a Debian package that can only run on jailbroken iOS devices. 
(Citation: Lookout-StealthMango)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "iOS" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Tangelo" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", "type": "malware", + "id": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0329", "external_id": "S0329" }, 
@@ -1483,41 +1486,41 @@ "description": "(Citation: Lookout-StealthMango)" }, { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "source_name": "Lookout-StealthMango", "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" } ], - "modified": "2019-10-10T15:27:21.781Z", - "name": "Tangelo", - "description": "[Tangelo](https://attack.mitre.org/software/S0329) is iOS malware that is believed to be from the same developers as the [Stealth Mango](https://attack.mitre.org/software/S0328) Android malware. It is not a mobile application, but rather a Debian package that can only run on jailbroken iOS devices. (Citation: Lookout-StealthMango)", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "RCSAndroid", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) is Android malware. 
(Citation: TrendMicro-RCSAndroid)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "RCSAndroid" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", "type": "malware", + "id": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", "created": "2017-10-25T14:48:38.274Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0295", "external_id": "S0295" }, @@ -1531,12 +1534,9 @@ "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/" } ], - "modified": "2019-10-10T15:22:52.282Z", - "name": "RCSAndroid", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) is Android malware. (Citation: TrendMicro-RCSAndroid)", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ 
@@ -1588,28 +1588,31 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Skygofree", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) is Android spyware that is believed to have been developed in 2014 and used through at least 2017. (Citation: Kaspersky-Skygofree)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Skygofree" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", "type": "malware", + "id": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0327", "external_id": "S0327" }, 
@@ -1623,30 +1626,30 @@ "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/" } ], - "modified": "2019-10-15T19:33:42.064Z", - "name": "Skygofree", - "description": "[Skygofree](https://attack.mitre.org/software/S0327) is Android spyware that is believed to have been developed in 2014 and used through at least 2017. (Citation: Kaspersky-Skygofree)", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "KeyRaider", + "description": "[KeyRaider](https://attack.mitre.org/software/S0288) is malware that steals Apple account credentials and other data from jailbroken iOS devices. It also has ransomware functionality. (Citation: Xiao-KeyRaider)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50", "created": "2017-10-25T14:48:43.815Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0288", "external_id": "S0288" }, 
@@ -1660,30 +1663,30 @@ "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "KeyRaider", - "description": "[KeyRaider](https://attack.mitre.org/software/S0288) is malware that steals Apple account credentials and other data from jailbroken iOS devices. It also has ransomware functionality. (Citation: Xiao-KeyRaider)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "ZergHelper", + "description": "[ZergHelper](https://attack.mitre.org/software/S0287) is iOS riskware that was unique due to its apparent evasion of Apple's App Store review process. No malicious functionality was identified in the app, but it presents security risks. (Citation: Xiao-ZergHelper)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0", "created": "2017-10-25T14:48:44.853Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0287", "external_id": "S0287" }, 
@@ -1697,12 +1700,9 @@ "url": "http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "ZergHelper", - "description": "[ZergHelper](https://attack.mitre.org/software/S0287) is iOS riskware that was unique due to its apparent evasion of Apple's App Store review process. No malicious functionality was identified in the app, but it presents security risks. (Citation: Xiao-ZergHelper)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ @@ -1744,28 +1744,31 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Twitoor", + "description": "[Twitoor](https://attack.mitre.org/software/S0302) is a dropper application capable of receiving commands from social media.(Citation: ESET-Twitoor)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "2.0", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Twitoor" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c", "type": "malware", + "id": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c", "created": "2017-10-25T14:48:42.313Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0302", "external_id": "S0302" }, 
@@ -1774,41 +1777,41 @@ "description": "(Citation: ESET-Twitoor)" }, { - "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/", + "source_name": "ESET-Twitoor", "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016.", - "source_name": "ESET-Twitoor" + "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/" } ], - "modified": "2020-09-30T13:19:59.692Z", - "name": "Twitoor", - "description": "[Twitoor](https://attack.mitre.org/software/S0302) is a dropper application capable of receiving commands from social media.(Citation: ESET-Twitoor)", - "x_mitre_version": "2.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "ANDROIDOS_ANSERVER.A", + "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) is Android malware that is unique because it uses encrypted content within a blog site for command and control. 
(Citation: TrendMicro-Anserver)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.3", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "ANDROIDOS_ANSERVER.A" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8", "type": "malware", + "id": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8", "created": "2017-10-25T14:48:47.965Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0310", "external_id": "S0310" }, 
@@ -1822,30 +1825,30 @@ "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-uses-blog-posts-as-cc/" } ], - "modified": "2019-10-15T19:55:04.407Z", - "name": "ANDROIDOS_ANSERVER.A", - "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) is Android malware that is unique because it uses encrypted content within a blog site for command and control. (Citation: TrendMicro-Anserver)", - "x_mitre_version": "1.3", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "DualToy", + "description": "[DualToy](https://attack.mitre.org/software/S0315) is Windows malware that installs malicious applications onto Android and iOS devices connected over USB. (Citation: PaloAlto-DualToy)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878", "created": "2017-10-25T14:48:41.721Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0315", "external_id": "S0315" }, 
@@ -1859,12 +1862,9 @@ "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "DualToy", - "description": "[DualToy](https://attack.mitre.org/software/S0315) is Windows malware that installs malicious applications onto Android and iOS devices connected over USB. (Citation: PaloAlto-DualToy)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ 
@@ -1926,22 +1926,25 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "X-Agent for Android", + "description": "[X-Agent for Android](https://attack.mitre.org/software/S0314) is Android malware that was placed in a repackaged version of a Ukrainian artillery targeting application. The malware reportedly retrieved general location data on where the victim device was used, and therefore could likely indicate the potential location of Ukrainian artillery. (Citation: CrowdStrike-Android) Is it tracked separately from the [CHOPSTICK](https://attack.mitre.org/software/S0023).", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--56660521-6db4-4e5a-a927-464f22954b7c", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--56660521-6db4-4e5a-a927-464f22954b7c", "created": "2017-10-25T14:48:42.034Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0314", "external_id": "S0314" }, 
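Review bot: The `description` added for X-Agent for Android ends with `Is it tracked separately from the [CHOPSTICK](https://attack.mitre.org/software/S0023).`, which reads as a question rather than a statement. The sentence is carried over unchanged from the copy removed in the next hunk, so this regeneration would be the place to correct it at the source. Suggested wording: `It is tracked separately from [CHOPSTICK](https://attack.mitre.org/software/S0023).`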
@@ -1955,12 +1958,9 @@ "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "X-Agent for Android", - "description": "[X-Agent for Android](https://attack.mitre.org/software/S0314) is Android malware that was placed in a repackaged version of a Ukrainian artillery targeting application. The malware reportedly retrieved general location data on where the victim device was used, and therefore could likely indicate the potential location of Ukrainian artillery. (Citation: CrowdStrike-Android) Is it tracked separately from the [CHOPSTICK](https://attack.mitre.org/software/S0023).", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ 
@@ -2005,22 +2005,25 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "MazarBOT", + "description": "[MazarBOT](https://attack.mitre.org/software/S0303) is Android malware that was distributed via SMS in Denmark in 2016. (Citation: Tripwire-MazarBOT)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9", "created": "2017-10-25T14:48:40.875Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0303", "external_id": "S0303" }, @@ -2034,12 +2037,9 @@ "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "MazarBOT", - "description": "[MazarBOT](https://attack.mitre.org/software/S0303) is Android malware that was distributed via SMS in Denmark in 2016. (Citation: Tripwire-MazarBOT)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ 
@@ -2085,22 +2085,25 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "HummingWhale", + "description": "[HummingWhale](https://attack.mitre.org/software/S0321) is an Android malware family that performs ad fraud. (Citation: ArsTechnica-HummingWhale)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f", "created": "2017-10-25T14:48:40.259Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0321", "external_id": "S0321" }, @@ -2114,12 +2117,9 @@ "url": "http://arstechnica.com/security/2017/01/virulent-android-malware-returns-gets-2-million-downloads-on-google-play/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "HummingWhale", - "description": "[HummingWhale](https://attack.mitre.org/software/S0321) is an Android malware family that performs ad fraud. (Citation: ArsTechnica-HummingWhale)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ 
@@ -2338,28 +2338,31 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "SpyDealer", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) is Android malware that exfiltrates sensitive data from Android devices. (Citation: PaloAlto-SpyDealer)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "SpyDealer" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", "type": "malware", + "id": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0324", "external_id": "S0324" }, @@ -2373,12 +2376,9 @@ "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/" } ], - "modified": "2019-10-15T19:37:21.120Z", - "name": "SpyDealer", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) is Android malware that exfiltrates sensitive data from Android devices. (Citation: PaloAlto-SpyDealer)", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ 
@@ -2425,22 +2425,25 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "RuMMS", + "description": "[RuMMS](https://attack.mitre.org/software/S0313) is an Android malware family. (Citation: FireEye-RuMMS)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--936be60d-90eb-4c36-9247-4b31128432c4", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--936be60d-90eb-4c36-9247-4b31128432c4", "created": "2017-10-25T14:48:48.917Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0313", "external_id": "S0313" }, 
@@ -2454,37 +2457,37 @@ "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "RuMMS", - "description": "[RuMMS](https://attack.mitre.org/software/S0313) is an Android malware family. (Citation: FireEye-RuMMS)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Pegasus for Android", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) is the Android version of malware that has reportedly been linked to the NSO Group. (Citation: Lookout-PegasusAndroid) (Citation: Google-Chrysaor) The iOS version is tracked separately under [Pegasus for iOS](https://attack.mitre.org/software/S0289).", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Pegasus for Android", "Chrysaor" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", "type": "malware", + "id": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", "created": "2017-10-25T14:48:41.202Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0316", "external_id": "S0316" }, 
@@ -2507,12 +2510,9 @@ "url": "https://android-developers.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html" } ], - "modified": "2019-08-09T17:52:31.636Z", - "name": "Pegasus for Android", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) is the Android version of malware that has reportedly been linked to the NSO Group. (Citation: Lookout-PegasusAndroid) (Citation: Google-Chrysaor) The iOS version is tracked separately under [Pegasus for iOS](https://attack.mitre.org/software/S0289).", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ @@ -2593,28 +2593,31 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "RedDrop", + "description": "[RedDrop](https://attack.mitre.org/software/S0326) is an Android malware family that exfiltrates sensitive data from devices. (Citation: Wandera-RedDrop)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "RedDrop" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", "type": "malware", + "id": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0326", "external_id": "S0326" }, 
@@ -2628,12 +2631,9 @@ "url": "https://www.wandera.com/reddrop-malware/" } ], - "modified": "2019-10-15T19:56:13.028Z", - "name": "RedDrop", - "description": "[RedDrop](https://attack.mitre.org/software/S0326) is an Android malware family that exfiltrates sensitive data from devices. (Citation: Wandera-RedDrop)", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ @@ -2675,22 +2675,25 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "YiSpecter", + "description": "[YiSpecter](https://attack.mitre.org/software/S0311) iOS malware that affects both jailbroken and non-jailbroken iOS devices. It is also unique because it abuses private APIs in the iOS system to implement functionality. (Citation: PaloAlto-YiSpecter)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", "created": "2017-10-25T14:48:48.301Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0311", "external_id": "S0311" }, 
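Review bot: The YiSpecter `description` re-added in the hunk at -2675 is missing its verb (`S0311) iOS malware that affects`), and the Charger description in the hunk at -3527 repeats a word (`steals steals contacts`). Both strings are moved unchanged from the removed lines, so this rewrite of the objects was the natural point to correct them. The corrected wording would be `is iOS malware that affects both jailbroken and non-jailbroken iOS devices` and `is Android malware that steals contacts and SMS messages`. These description strings are presumably shown verbatim by tools that render the bundle, so the fix belongs in the source data.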
@@ -2704,30 +2707,30 @@ "url": "https://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "YiSpecter", - "description": "[YiSpecter](https://attack.mitre.org/software/S0311) iOS malware that affects both jailbroken and non-jailbroken iOS devices. It is also unique because it abuses private APIs in the iOS system to implement functionality. (Citation: PaloAlto-YiSpecter)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Trojan-SMS.AndroidOS.Agent.ao", + "description": "[Trojan-SMS.AndroidOS.Agent.ao](https://attack.mitre.org/software/S0307) is Android malware. (Citation: Kaspersky-MobileMalware)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17", "created": "2017-10-25T14:48:46.411Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0307", "external_id": "S0307" }, 
@@ -2741,12 +2744,9 @@ "url": "https://securelist.com/mobile-malware-evolution-2013/58335/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "Trojan-SMS.AndroidOS.Agent.ao", - "description": "[Trojan-SMS.AndroidOS.Agent.ao](https://attack.mitre.org/software/S0307) is Android malware. (Citation: Kaspersky-MobileMalware)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ @@ -2792,22 +2792,25 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "AndroRAT", + "description": "[AndroRAT](https://attack.mitre.org/software/S0292) is malware that allows a third party to control the device and collect information. (Citation: Lookout-EnterpriseApps)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", "created": "2017-10-25T14:48:47.363Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0292", "external_id": "S0292" }, 
@@ -2821,12 +2824,9 @@ "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "AndroRAT", - "description": "[AndroRAT](https://attack.mitre.org/software/S0292) is malware that allows a third party to control the device and collect information. (Citation: Lookout-EnterpriseApps)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ @@ -3299,22 +3299,25 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "PJApps", + "description": "[PJApps](https://attack.mitre.org/software/S0291) is an Android malware family. (Citation: Lookout-EnterpriseApps)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--c709da93-20c3-4d17-ab68-48cba76b2137", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--c709da93-20c3-4d17-ab68-48cba76b2137", "created": "2017-10-25T14:48:43.527Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0291", "external_id": "S0291" }, 
@@ -3328,30 +3331,30 @@ "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "PJApps", - "description": "[PJApps](https://attack.mitre.org/software/S0291) is an Android malware family. (Citation: Lookout-EnterpriseApps)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "ShiftyBug", + "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is an auto-rooting adware family of malware for Android. The family is very similar to the other Android families known as Shedun, Shuanet, Kemoge, though it is not believed all the families were created by the same group. (Citation: Lookout-Adware)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--c80a6bef-b3ce-44d0-b113-946e93124898", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--c80a6bef-b3ce-44d0-b113-946e93124898", "created": "2017-10-25T14:48:38.690Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0294", "external_id": "S0294" }, 
@@ -3365,30 +3368,30 @@ "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "ShiftyBug", - "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is an auto-rooting adware family of malware for Android. The family is very similar to the other Android families known as Shedun, Shuanet, Kemoge, though it is not believed all the families were created by the same group. (Citation: Lookout-Adware)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "HummingBad", + "description": "[HummingBad](https://attack.mitre.org/software/S0322) is a family of Android malware that generates fraudulent advertising revenue and has the ability to obtain root access on older, vulnerable versions of Android. (Citation: ArsTechnica-HummingBad)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--c8770c81-c29f-40d2-a140-38544206b2b4", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--c8770c81-c29f-40d2-a140-38544206b2b4", "created": "2017-10-25T14:48:42.948Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0322", "external_id": "S0322" }, 
@@ -3402,12 +3405,9 @@ "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "HummingBad", - "description": "[HummingBad](https://attack.mitre.org/software/S0322) is a family of Android malware that generates fraudulent advertising revenue and has the ability to obtain root access on older, vulnerable versions of Android. (Citation: ArsTechnica-HummingBad)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ @@ -3455,22 +3455,25 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "OBAD", + "description": "OBAD is an Android malware family. (Citation: TrendMicro-Obad)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde", "created": "2017-10-25T14:48:44.540Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0286", "external_id": "S0286" }, 
@@ -3484,36 +3487,36 @@ "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "OBAD", - "description": "OBAD is an Android malware family. (Citation: TrendMicro-Obad)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Android/Chuli.A", + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) is Android malware that was delivered to activist groups via a spearphishing email with an attachment. (Citation: Kaspersky-WUC)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Android/Chuli.A" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", "type": "malware", + "id": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", "created": "2017-10-25T14:48:45.482Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0304", "external_id": "S0304" }, 
@@ -3527,36 +3530,36 @@ "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" } ], - "modified": "2019-10-15T20:31:25.864Z", - "name": "Android/Chuli.A", - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) is Android malware that was delivered to activist groups via a spearphishing email with an attachment. (Citation: Kaspersky-WUC)", - "x_mitre_version": "1.2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Charger", + "description": "[Charger](https://attack.mitre.org/software/S0323) is Android malware that steals steals contacts and SMS messages from the user's device. It can also lock the device and demand ransom payment if it receives admin permissions. (Citation: CheckPoint-Charger)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_platforms": [ "Android" ], "x_mitre_domains": [ "mobile-attack" ], + "x_mitre_version": "1.1", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_aliases": [ "Charger" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--d1c600f8-0fb6-4367-921b-85b71947d950", "type": "malware", + "id": "malware--d1c600f8-0fb6-4367-921b-85b71947d950", "created": "2017-10-25T14:48:39.631Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0323", "external_id": "S0323" }, 
@@ -3565,35 +3568,35 @@ "description": "(Citation: CheckPoint-Charger)" }, { - "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/", + "source_name": "CheckPoint-Charger", "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.", - "source_name": "CheckPoint-Charger" + "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/" } ], - "modified": "2019-10-09T14:51:42.697Z", - "name": "Charger", - "description": "[Charger](https://attack.mitre.org/software/S0323) is Android malware that steals steals contacts and SMS messages from the user's device. It can also lock the device and demand ransom payment if it receives admin permissions. (Citation: CheckPoint-Charger)", - "x_mitre_version": "1.1", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "labels": [ - "malware" - ], - "x_mitre_domains": [ - "mobile-attack" - ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] + }, + { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Trojan-SMS.AndroidOS.OpFake.a", + "description": "[Trojan-SMS.AndroidOS.OpFake.a](https://attack.mitre.org/software/S0308) is Android malware. 
(Citation: Kaspersky-MobileMalware)", + "labels": [ + "malware" ], - "id": "malware--d89c132d-7752-4c7f-9372-954a71522985", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--d89c132d-7752-4c7f-9372-954a71522985", "created": "2017-10-25T14:48:46.734Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0308", "external_id": "S0308" }, 
@@ -3607,30 +3610,30 @@ "url": "https://securelist.com/mobile-malware-evolution-2013/58335/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "Trojan-SMS.AndroidOS.OpFake.a", - "description": "[Trojan-SMS.AndroidOS.OpFake.a](https://attack.mitre.org/software/S0308) is Android malware. (Citation: Kaspersky-MobileMalware)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "XcodeGhost", + "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) is iOS malware that infected at least 39 iOS apps in 2015 and potentially affected millions of users. (Citation: PaloAlto-XcodeGhost1) (Citation: PaloAlto-XcodeGhost)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9", "created": "2017-10-25T14:48:42.661Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0297", "external_id": "S0297" }, 
@@ -3649,12 +3652,9 @@ "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "XcodeGhost", - "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) is iOS malware that infected at least 39 iOS apps in 2015 and potentially affected millions of users. (Citation: PaloAlto-XcodeGhost1) (Citation: PaloAlto-XcodeGhost)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ 
@@ -3970,22 +3970,25 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Adups", + "description": "[Adups](https://attack.mitre.org/software/S0309) is software that was pre-installed onto Android devices, including those made by BLU Products. The software was reportedly designed to help a Chinese phone manufacturer monitor user behavior, transferring sensitive data to a Chinese server. (Citation: NYTimes-BackDoor) (Citation: BankInfoSecurity-BackDoor)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", "created": "2017-10-25T14:48:47.038Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0309", "external_id": "S0309" }, 
@@ -4004,12 +4007,9 @@ "url": "http://www.bankinfosecurity.com/did-chinese-spyware-linger-in-us-phones-a-9534" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "Adups", - "description": "[Adups](https://attack.mitre.org/software/S0309) is software that was pre-installed onto Android devices, including those made by BLU Products. The software was reportedly designed to help a Chinese phone manufacturer monitor user behavior, transferring sensitive data to a Chinese server. (Citation: NYTimes-BackDoor) (Citation: BankInfoSecurity-BackDoor)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ @@ -4090,22 +4090,25 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Marcher", + "description": "[Marcher](https://attack.mitre.org/software/S0317) is Android malware that is used for financial fraud. (Citation: Proofpoint-Marcher)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--f9854ba6-989d-43bf-828b-7240b8a65291", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--f9854ba6-989d-43bf-828b-7240b8a65291", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0317", "external_id": "S0317" }, 
@@ -4115,30 +4118,30 @@ "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "Marcher", - "description": "[Marcher](https://attack.mitre.org/software/S0317) is Android malware that is used for financial fraud. (Citation: Proofpoint-Marcher)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "DressCode", + "description": "[DressCode](https://attack.mitre.org/software/S0300) is an Android malware family. (Citation: TrendMicro-DressCode)", "labels": [ "malware" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "malware", + "id": "malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca", "created": "2017-10-25T14:48:37.856Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0300", "external_id": "S0300" }, 
@@ -4152,12 +4155,9 @@ "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "DressCode", - "description": "[DressCode](https://attack.mitre.org/software/S0300) is an Android malware family. (Citation: TrendMicro-DressCode)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "labels": [ @@ -4251,22 +4251,25 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-24T15:09:07.609Z", + "name": "Xbot", + "description": "[Xbot](https://attack.mitre.org/software/S0298) is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia. (Citation: PaloAlto-Xbot)", "labels": [ "tool" ], + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", "type": "tool", + "id": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", "created": "2017-10-25T14:48:48.609Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "mitre-mobile-attack", + "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0298", "external_id": "S0298" }, 
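Review bot: The Xbot object in the hunk at -4251 keeps `"type": "tool"`, the label `tool` and a `tool--` id, while its own description calls it "an Android malware family". The commit carries that mismatch forward. A consumer that selects software with `type == "malware"` would not return Xbot. Because the id embeds the type this is not a one-field edit; correcting it would presumably mean publishing a `malware--` object and revoking this one. Until then the release notes should record it, for example `Xbot (S0298) is typed as tool; include it when filtering for malware`. The object's closing fields fall in the following hunk.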
@@ -4280,12 +4283,9 @@ "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/" } ], - "modified": "2018-12-11T20:40:31.461Z", - "name": "Xbot", - "description": "[Xbot](https://attack.mitre.org/software/S0298) is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia. (Citation: PaloAlto-Xbot)", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ] }, { "x_mitre_domains": [ 
@@ -4652,41 +4652,7 @@ "x_mitre_shortname": "remote-service-effects" }, { - "x_mitre_platforms": [ - "Android", - "iOS" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "x_mitre_contributors": [ - "Lorin Wu, Trend Micro" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d", - "type": "attack-pattern", - "created": "2020-11-04T16:43:31.619Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "mitre-mobile-attack", - "external_id": "T1603", - "url": "https://attack.mitre.org/techniques/T1603" - }, - { - "source_name": "Android WorkManager", - "url": "https://developer.android.com/topic/libraries/architecture/workmanager", - "description": "Google. (n.d.). Schedule tasks with WorkManager. Retrieved November 4, 2020." - }, - { - "source_name": "Apple NSBackgroundActivityScheduler", - "url": "https://developer.apple.com/documentation/foundation/nsbackgroundactivityscheduler", - "description": "Apple. (n.d.). NSBackgroundActivityScheduler. Retrieved November 4, 2020." - } - ], - "modified": "2020-11-04T19:45:38.144Z", + "modified": "2022-10-24T15:09:07.609Z", "name": "Scheduled Task/Job", "description": "Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. On Android and iOS, APIs and libraries exist to facilitate scheduling tasks to execute at a specified date, time, or interval.\n\nOn Android, the `WorkManager` API allows asynchronous tasks to be scheduled with the system. `WorkManager` was introduced to unify task scheduling on Android, using `JobScheduler`, `GcmNetworkManager`, and `AlarmManager` internally. `WorkManager` offers a lot of flexibility for scheduling, including periodically, one time, or constraint-based (e.g. 
only when the device is charging).(Citation: Android WorkManager)\n\nOn iOS, the `NSBackgroundActivityScheduler` API allows asynchronous tasks to be scheduled with the system. The tasks can be scheduled to be repeating or non-repeating, however, the system chooses when the tasks will be executed. The app can choose the interval for repeating tasks, or the delay between scheduling and execution for one-time tasks.(Citation: Apple NSBackgroundActivityScheduler)", "kill_chain_phases": [ 
@@ -4699,12 +4665,48 @@ "phase_name": "persistence" } ], - "x_mitre_detection": "Scheduling tasks/jobs can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_detection": "Scheduling tasks/jobs can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.", + "x_mitre_platforms": [ + "Android", + "iOS" + ], + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_contributors": [ + "Lorin Wu, Trend Micro" + ], "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "type": "attack-pattern", + "id": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d", + "created": "2020-11-04T16:43:31.619Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1603", + "external_id": "T1603" + }, + { + "source_name": "Android WorkManager", + "description": "Google. (n.d.). Schedule tasks with WorkManager. Retrieved November 4, 2020.", + "url": "https://developer.android.com/topic/libraries/architecture/workmanager" + }, + { + "source_name": "Apple NSBackgroundActivityScheduler", + "description": "Apple. (n.d.). NSBackgroundActivityScheduler. Retrieved November 4, 2020.", + "url": "https://developer.apple.com/documentation/foundation/nsbackgroundactivityscheduler" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ @@ -4914,7 +4916,8 @@ "x_mitre_version": "1.0", "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ 
@@ -5239,35 +5242,50 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-21T13:44:56.301Z", + "name": "Impersonate SS7 Nodes", + "description": "Adversaries may exploit the lack of authentication in signaling system network nodes to track the to track the location of mobile devices by impersonating a node.(Citation: Engel-SS7)(Citation: Engel-SS7-2008)(Citation: 3GPP-Security)(Citation: Positive-SS7)(Citation: CSRIC5-WG10-FinalReport) \n\n \n\nBy providing the victim’s MSISDN (phone number) and impersonating network internal nodes to query subscriber information from other nodes, adversaries may use data collected from each hop to eventually determine the device’s geographical cell area or nearest cell tower.(Citation: Engel-SS7)", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "collection" + }, + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "discovery" + } + ], + "x_mitre_detection": "Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation.(Citation: CSRIC-WG1-FinalReport) The CSRIC also suggests threat information sharing between telecommunications industry members.", "x_mitre_platforms": [ "Android", "iOS" ], + "x_mitre_is_subtechnique": true, + "x_mitre_deprecated": false, "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], + "x_mitre_version": "1.0", "type": "attack-pattern", "id": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", "created": "2022-04-05T19:49:58.938Z", - "x_mitre_version": "1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", - "external_id": "T1430.002", - "url": "https://attack.mitre.org/techniques/T1430/002" + "url": 
"https://attack.mitre.org/techniques/T1430/002", + "external_id": "T1430.002" }, { "source_name": "3GPP-Security", - "url": "http://www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/33900-120.pdf", - "description": "3GPP. (2000, January). A Guide to 3rd Generation Security. Retrieved December 19, 2016." + "description": "3GPP. (2000, January). A Guide to 3rd Generation Security. Retrieved December 19, 2016.", + "url": "http://www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/33900-120.pdf" }, { "source_name": "CSRIC5-WG10-FinalReport", - "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf", - "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017." + "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017.", + "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf" }, { "source_name": "CSRIC-WG1-FinalReport", 
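Review bot: The re-added `description` for Impersonate SS7 Nodes still contains the duplicated phrase "to track the to track the location", and a whitespace-only paragraph (`\n\n \n\n`) between its two sentences. Both were carried over unchanged from the removed line that appears in the following hunk. Since the field is rewritten here anyway, the opening should read `...signaling system network nodes to track the location of mobile devices by impersonating a node.` with a single `\n\n` separator. The object's reference list continues in the next hunk.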
@@ -5275,43 +5293,28 @@ }, { "source_name": "Positive-SS7", - "url": "https://www.ptsecurity.com/upload/ptcom/PT-SS7-AD-Data-Sheet-eng.pdf", - "description": "Positive Technologies. (n.d.). SS7 Attack Discovery. Retrieved December 19, 2016." + "description": "Positive Technologies. (n.d.). SS7 Attack Discovery. Retrieved December 19, 2016.", + "url": "https://www.ptsecurity.com/upload/ptcom/PT-SS7-AD-Data-Sheet-eng.pdf" }, { "source_name": "Engel-SS7-2008", - "url": "https://www.youtube.com/watch?v=q0n5ySqbfdI", - "description": "Tobias Engel. (2008, December). Locating Mobile Phones using SS7. Retrieved December 19, 2016." + "description": "Tobias Engel. (2008, December). Locating Mobile Phones using SS7. Retrieved December 19, 2016.", + "url": "https://www.youtube.com/watch?v=q0n5ySqbfdI" }, { "source_name": "Engel-SS7", - "url": "https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipulate.pdf", - "description": "Tobias Engel. (2014, December). SS7: Locate. Track. Manipulate.. Retrieved December 19, 2016." + "description": "Tobias Engel. (2014, December). SS7: Locate. Track. Manipulate.. 
Retrieved December 19, 2016.", + "url": "https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipulate.pdf" }, { - "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-38.html", "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-38.html", "external_id": "CEL-38" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Adversaries may exploit the lack of authentication in signaling system network nodes to track the to track the location of mobile devices by impersonating a node.(Citation: Engel-SS7)(Citation: Engel-SS7-2008)(Citation: 3GPP-Security)(Citation: Positive-SS7)(Citation: CSRIC5-WG10-FinalReport) \n\n \n\nBy providing the victim’s MSISDN (phone number) and impersonating network internal nodes to query subscriber information from other nodes, adversaries may use data collected from each hop to eventually determine the device’s geographical cell area or nearest cell tower.(Citation: Engel-SS7)", - "modified": "2022-04-11T19:10:05.885Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "name": "Impersonate SS7 Nodes", - "x_mitre_detection": "Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation.(Citation: CSRIC-WG1-FinalReport) The CSRIC also suggests threat information sharing between telecommunications industry members.", - "kill_chain_phases": [ - { - "phase_name": "collection", - "kill_chain_name": "mitre-mobile-attack" - }, - { - "phase_name": "discovery", - "kill_chain_name": "mitre-mobile-attack" - } + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "x_mitre_is_subtechnique": true, "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -5332,7 +5335,8 @@ ], "modified": "2018-10-17T01:05:10.699Z", "name": "Insecure Third-Party Libraries", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ @@ -5627,7 +5631,8 @@ ], "modified": "2018-10-17T01:05:10.699Z", "name": "App Delivered via Email Attachment", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ @@ -5806,7 +5811,8 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ 
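Review bot: `x_mitre_is_subtechnique` is added to Insecure Third-Party Libraries while its `modified` value stays `2018-10-17T01:05:10.699Z`, so the object's content changes without a new version timestamp. STIX versioning identifies an object version by `id` plus `modified`, so a consumer that syncs or de-duplicates on that pair can keep its cached copy and never see the new field. The same pattern is visible in the other hunks that show a 2018 `modified` beside the added field (App Delivered via Email Attachment, Biometric Spoofing, Abuse of iOS Enterprise App Signing Key, App Delivered via Web Download, Remotely Install Application and others). I would bump `modified` on each of these objects to the release timestamp, or note in the release notes that a full re-import is required.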
@@ -6585,55 +6591,7 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "x_mitre_platforms": [ - "Android" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "x_mitre_contributors": [ - "Gaetan van Diemen, ThreatFabric" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", - "type": "attack-pattern", - "created": "2021-09-20T13:42:20.824Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "mitre-mobile-attack", - "external_id": "T1616", - "url": "https://attack.mitre.org/techniques/T1616" - }, - { - "external_id": "APP-41", - "source_name": "NIST Mobile Threat Catalogue", - "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-41.html" - }, - { - "external_id": "CEL-42", - "source_name": "NIST Mobile Threat Catalogue", - "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-42.html" - }, - { - "external_id": "CEL-36", - "source_name": "NIST Mobile Threat Catalogue", - "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-36.html" - }, - { - "external_id": "CEL-18", - "source_name": "NIST Mobile Threat Catalogue", - "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-18.html" - }, - { - "source_name": "Android Permissions", - "url": "https://developer.android.com/reference/android/Manifest.permission", - "description": "Google. (2021, August 11). Manifest.permission. Retrieved September 22, 2021." - } - ], - "modified": "2021-09-27T18:05:42.788Z", + "modified": "2022-10-24T15:09:07.609Z", "name": "Call Control", "description": "Adversaries may make, forward, or block phone calls without user authorization. 
This could be used for adversary goals such as audio surveillance, blocking or forwarding calls from the device owner, or C2 communication.\n\nSeveral permissions may be used to programmatically control phone calls, including:\n\n* `ANSWER_PHONE_CALLS` - Allows the application to answer incoming phone calls(Citation: Android Permissions)\n* `CALL_PHONE` - Allows the application to initiate a phone call without going through the Dialer interface(Citation: Android Permissions)\n* `PROCESS_OUTGOING_CALLS` - Allows the application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether(Citation: Android Permissions)\n* `MANAGE_OWN_CALLS` - Allows a calling application which manages its own calls through the self-managed `ConnectionService` APIs(Citation: Android Permissions)\n* `BIND_TELECOM_CONNECTION_SERVICE` - Required permission when using a `ConnectionService`(Citation: Android Permissions)\n* `WRITE_CALL_LOG` - Allows an application to write to the device call log, potentially to hide malicious phone calls(Citation: Android Permissions)\n\nWhen granted some of these permissions, an application can make a phone call without opening the dialer first. However, if an application desires to simply redirect the user to the dialer with a phone number filled in, it can launch an Intent using `Intent.ACTION_DIAL`, which requires no specific permissions. This then requires the user to explicitly initiate the call or use some form of [Input Injection](https://attack.mitre.org/techniques/T1516) to programmatically initiate it.", "kill_chain_phases": [ 
@@ -6650,12 +6608,62 @@ "phase_name": "command-and-control" } ], - "x_mitre_detection": "Users can view their default phone app in device settings. Users can review available call logs for irregularities, such as missing or unrecognized calls.", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_detection": "Users can view their default phone app in device settings. Users can review available call logs for irregularities, such as missing or unrecognized calls.", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_contributors": [ + "Gaetan van Diemen, ThreatFabric" + ], "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "type": "attack-pattern", + "id": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "created": "2021-09-20T13:42:20.824Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1616", + "external_id": "T1616" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-41.html", + "external_id": "APP-41" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-42.html", + "external_id": "CEL-42" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-36.html", + "external_id": "CEL-36" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-18.html", + "external_id": "CEL-18" + }, + { + "source_name": "Android Permissions", + "description": "Google. (2021, August 11). Manifest.permission. 
Retrieved September 22, 2021.", + "url": "https://developer.android.com/reference/android/Manifest.permission" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ @@ -7128,7 +7136,8 @@ ], "modified": "2018-10-17T01:05:10.703Z", "name": "Biometric Spoofing", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ @@ -7493,7 +7502,8 @@ ], "modified": "2018-10-17T01:05:10.701Z", "name": "Abuse of iOS Enterprise App Signing Key", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ 
@@ -7761,32 +7771,7 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "x_mitre_platforms": [ - "Android" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a", - "type": "attack-pattern", - "created": "2020-11-30T14:26:07.728Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "mitre-mobile-attack", - "external_id": "T1604", - "url": "https://attack.mitre.org/techniques/T1604" - }, - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." - } - ], - "modified": "2020-12-04T20:30:31.513Z", + "modified": "2022-10-24T15:09:07.609Z", "name": "Proxy Through Victim", "description": "Adversaries may use a compromised device as a proxy server to the Internet. By utilizing a proxy, adversaries hide the true IP address of their C2 server and associated infrastructure from the destination of the network traffic. This masquerades an adversary’s traffic as legitimate traffic originating from the compromised device, which can evade IP-based restrictions and alerts on certain services, such as bank accounts and social media websites.(Citation: Threat Fabric Exobot)\n\nThe most common type of proxy is a SOCKS proxy. It can typically be implemented using standard OS-level APIs and 3rd party libraries with no indication to the user. On Android, adversaries can use the `Proxy` API to programmatically establish a SOCKS proxy connection, or lower-level APIs to interact directly with raw sockets.", "kill_chain_phases": [ 
@@ -7795,12 +7780,39 @@ "phase_name": "defense-evasion" } ], - "x_mitre_detection": "Enterprises may be able to detect anomalous traffic originating from mobile devices, which could indicate compromise.", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_detection": "Enterprises may be able to detect anomalous traffic originating from mobile devices, which could indicate compromise.", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "type": "attack-pattern", + "id": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a", + "created": "2020-11-30T14:26:07.728Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1604", + "external_id": "T1604" + }, + { + "source_name": "Threat Fabric Exobot", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ @@ -8346,7 +8358,8 @@ ], "modified": "2018-10-17T01:05:10.699Z", "name": "App Delivered via Web Download", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ @@ -9200,7 +9213,8 @@ ], "modified": "2018-10-17T01:05:10.701Z", "name": "Remotely Install Application", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ 
@@ -9344,7 +9358,8 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ @@ -9553,7 +9568,8 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ 
@@ -9932,62 +9948,62 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-21T13:44:31.305Z", + "name": "Remote Device Management Services", + "description": "An adversary may use access to cloud services (e.g. Google's Android Device Manager or Apple iCloud's Find my iPhone) or to an enterprise mobility management (EMM)/mobile device management (MDM) server console to track the location of mobile devices managed by the service.(Citation: Krebs-Location) ", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "collection" + }, + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "discovery" + } + ], + "x_mitre_detection": "Google sends a notification to the device when Android Device Manager is used to locate it. Additionally, Google provides the ability for users to view their general account activity and alerts users when their credentials have been used on a new device. Apple iCloud also provides notifications to users of account activity such as when credentials have been used. 
", "x_mitre_platforms": [ "Android", "iOS" ], + "x_mitre_is_subtechnique": true, + "x_mitre_deprecated": false, "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + "x_mitre_version": "1.0", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" ], "type": "attack-pattern", "id": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", "created": "2022-04-05T19:37:15.984Z", - "x_mitre_version": "1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", - "external_id": "T1430.001", - "url": "https://attack.mitre.org/techniques/T1430/001" + "url": "https://attack.mitre.org/techniques/T1430/001", + "external_id": "T1430.001" }, { "source_name": "Krebs-Location", - "url": "https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/", - "description": "Brian Krebs. (2018, May 17). Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site. Retrieved November 8, 2018." + "description": "Brian Krebs. (2018, May 17). Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site. 
Retrieved November 8, 2018.", + "url": "https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/" }, { - "url": "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-5.html", "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/ecosystem-threats/ECO-5.html", "external_id": "ECO-5" }, { - "url": "https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-7.html", "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/emm-threats/EMM-7.html", "external_id": "EMM-7" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "An adversary may use access to cloud services (e.g. Google's Android Device Manager or Apple iCloud's Find my iPhone) or to an enterprise mobility management (EMM)/mobile device management (MDM) server console to track the location of mobile devices managed by the service.(Citation: Krebs-Location) ", - "modified": "2022-04-19T19:58:48.039Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "name": "Remote Device Management Services", - "x_mitre_detection": "Google sends a notification to the device when Android Device Manager is used to locate it. Additionally, Google provides the ability for users to view their general account activity and alerts users when their credentials have been used on a new device. Apple iCloud also provides notifications to users of account activity such as when credentials have been used. 
", - "kill_chain_phases": [ - { - "phase_name": "collection", - "kill_chain_name": "mitre-mobile-attack" - }, - { - "phase_name": "discovery", - "kill_chain_name": "mitre-mobile-attack" - } - ], - "x_mitre_is_subtechnique": true, - "x_mitre_tactic_type": [ - "Post-Adversary Device Access" + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" @@ -10065,7 +10081,8 @@ ], "modified": "2018-10-17T01:05:10.700Z", "name": "Stolen Developer Credentials or Signing Keys", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ @@ -10455,7 +10472,8 @@ ], "modified": "2018-10-17T01:05:10.703Z", "name": "Malicious Media Content", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ 
@@ -10670,47 +10688,7 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "x_mitre_platforms": [ - "Android" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "type": "attack-pattern", - "created": "2020-09-11T15:14:33.730Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "mitre-mobile-attack", - "external_id": "T1582", - "url": "https://attack.mitre.org/techniques/T1582" - }, - { - "external_id": "APP-16", - "source_name": "NIST Mobile Threat Catalogue", - "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-16.html" - }, - { - "external_id": "CEL-41", - "source_name": "NIST Mobile Threat Catalogue", - "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-41.html" - }, - { - "source_name": "SMS KitKat", - "url": "https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html", - "description": "S.Main, D. Braun. (2013, October 14). Getting Your SMS Apps Ready for KitKat. Retrieved September 11, 2020." - }, - { - "source_name": "Android SmsProvider", - "url": "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/7e7c274/src/com/android/providers/telephony/SmsProvider.java", - "description": "Google. (n.d.). SmsProvider.java. Retrieved September 11, 2020." - } - ], - "modified": "2020-10-22T17:04:15.578Z", + "modified": "2022-10-24T15:09:07.609Z", "name": "SMS Control", "description": "Adversaries may delete, alter, or send SMS messages without user authorization. This could be used to hide C2 SMS messages, spread malware, or various external effects.\n\nThis can be accomplished by requesting the `RECEIVE_SMS` or `SEND_SMS` permissions depending on what the malware is attempting to do. 
If the app is set as the default SMS handler on the device, the `SMS_DELIVER` broadcast intent can be registered, which allows the app to write to the SMS content provider. The content provider directly modifies the messaging database on the device, which could allow malicious applications with this ability to insert, modify, or delete arbitrary messages on the device.(Citation: SMS KitKat)(Citation: Android SmsProvider)", "kill_chain_phases": [ 
@@ -10719,12 +10697,54 @@ "phase_name": "impact" } ], - "x_mitre_detection": "Users can view the default SMS handler in system settings.", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_detection": "Users can view the default SMS handler in system settings.", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "type": "attack-pattern", + "id": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "created": "2020-09-11T15:14:33.730Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1582", + "external_id": "T1582" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-16.html", + "external_id": "APP-16" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-41.html", + "external_id": "CEL-41" + }, + { + "source_name": "SMS KitKat", + "description": "S.Main, D. Braun. (2013, October 14). Getting Your SMS Apps Ready for KitKat. Retrieved September 11, 2020.", + "url": "https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html" + }, + { + "source_name": "Android SmsProvider", + "description": "Google. (n.d.). SmsProvider.java. Retrieved September 11, 2020.", + "url": "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/7e7c274/src/com/android/providers/telephony/SmsProvider.java" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ 
@@ -10852,7 +10872,8 @@ ], "modified": "2018-10-17T01:05:10.700Z", "name": "Detect App Analysis Environment", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ @@ -10917,7 +10938,8 @@ ], "modified": "2018-10-17T01:05:10.704Z", "name": "Malicious Software Development Tools", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ @@ -11434,7 +11456,8 @@ ], "modified": "2018-10-17T01:05:10.702Z", "name": "Exploit Baseband Vulnerability", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ 
@@ -11483,30 +11506,7 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "x_mitre_platforms": [ - "Android" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "x_mitre_contributors": [ - "Jörg Abraham, EclecticIQ" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", - "type": "attack-pattern", - "created": "2021-09-24T14:47:34.182Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "mitre-mobile-attack", - "external_id": "T1617", - "url": "https://attack.mitre.org/techniques/T1617" - } - ], - "modified": "2021-10-04T20:08:47.559Z", + "modified": "2022-10-24T15:09:07.609Z", "name": "Hooking", "description": "Adversaries may utilize hooking to hide the presence of artifacts associated with their behaviors to evade detection. Hooking can be used to modify return values or data structures of system APIs and function calls. This process typically involves using 3rd party root frameworks, such as Xposed or Magisk, with either a system exploit or pre-existing root access. By including custom modules for root frameworks, adversaries can hook system APIs and alter the return value and/or system data structures to alter functionality/visibility of various aspects of the system.", "kill_chain_phases": [ 
@@ -11515,12 +11515,37 @@ "phase_name": "defense-evasion" } ], - "x_mitre_detection": "Hooking can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_detection": "Hooking can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_contributors": [ + "Jörg Abraham, EclecticIQ" + ], "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "type": "attack-pattern", + "id": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", + "created": "2021-09-24T14:47:34.182Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1617", + "external_id": "T1617" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ 
@@ -11683,45 +11708,7 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "x_mitre_platforms": [ - "Android" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "x_mitre_contributors": [ - "Lukáš Štefanko, ESET" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "type": "attack-pattern", - "created": "2019-09-15T15:26:22.356Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://attack.mitre.org/techniques/T1516", - "source_name": "mitre-mobile-attack", - "external_id": "T1516" - }, - { - "description": "Lukáš Štefanko. (2018, December 11). Android Trojan steals money from PayPal accounts even with 2FA on. Retrieved July 11, 2019.", - "url": "https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/", - "source_name": "android-trojan-steals-paypal-2fa" - }, - { - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "source_name": "Talos Gustuff Apr 2019" - }, - { - "description": "Bitwarden. (n.d.). Auto-fill logins on Android . 
Retrieved September 15, 2019.", - "url": "https://help.bitwarden.com/article/auto-fill-android/", - "source_name": "bitwarden autofill logins" - } - ], - "modified": "2020-06-24T15:02:13.323Z", + "modified": "2022-10-24T15:09:07.609Z", "name": "Input Injection", "description": "A malicious application can inject input to the user interface to mimic user interaction through the abuse of Android's accessibility APIs.\n\n[Input Injection](https://attack.mitre.org/techniques/T1516) can be achieved using any of the following methods:\n\n* Mimicking user clicks on the screen, for example to steal money from a user's PayPal account.(Citation: android-trojan-steals-paypal-2fa)\n* Injecting global actions, such as `GLOBAL_ACTION_BACK` (programatically mimicking a physical back button press), to trigger actions on behalf of the user.(Citation: Talos Gustuff Apr 2019)\n* Inserting input into text fields on behalf of the user. This method is used legitimately to auto-fill text fields by applications such as password managers.(Citation: bitwarden autofill logins)", "kill_chain_phases": [ 
@@ -11734,12 +11721,52 @@ "phase_name": "impact" } ], - "x_mitre_detection": "Users can view applications that have registered accessibility services in the accessibility menu within the device settings.", - "x_mitre_version": "1.1", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_detection": "Users can view applications that have registered accessibility services in the accessibility menu within the device settings.", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.1", + "x_mitre_contributors": [ + "Lukáš Štefanko, ESET" + ], "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "type": "attack-pattern", + "id": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "created": "2019-09-15T15:26:22.356Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1516", + "external_id": "T1516" + }, + { + "source_name": "android-trojan-steals-paypal-2fa", + "description": "Lukáš Štefanko. (2018, December 11). Android Trojan steals money from PayPal accounts even with 2FA on. Retrieved July 11, 2019.", + "url": "https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/" + }, + { + "source_name": "Talos Gustuff Apr 2019", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html" + }, + { + "source_name": "bitwarden autofill logins", + "description": "Bitwarden. (n.d.). Auto-fill logins on Android . 
Retrieved September 15, 2019.", + "url": "https://help.bitwarden.com/article/auto-fill-android/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ 
@@ -11829,37 +11856,7 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "x_mitre_platforms": [ - "Android" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", - "type": "attack-pattern", - "created": "2020-05-07T15:24:49.068Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "mitre-mobile-attack", - "external_id": "T1577", - "url": "https://attack.mitre.org/techniques/T1577" - }, - { - "source_name": "Guardsquare Janus", - "url": "https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures", - "description": "Guarsquare. (2017, November 13). New Android vulnerability allows attackers to modify apps without affecting their signatures. Retrieved May 7, 2020." - }, - { - "source_name": "CheckPoint Agent Smith", - "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", - "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." - } - ], - "modified": "2020-05-27T13:23:34.159Z", + "modified": "2022-10-24T15:09:07.609Z", "name": "Compromise Application Executable", "description": "Adversaries may modify applications installed on a device to establish persistent access to a victim. These malicious modifications can be used to make legitimate applications carry out adversary tasks when these applications are in use.\n\nThere are multiple ways an adversary can inject malicious code into applications. 
One method is by taking advantages of device vulnerabilities, the most well-known being Janus, an Android vulnerability that allows adversaries to add extra bytes to APK (application) and DEX (executable) files without affecting the file's signature. By being able to add arbitrary bytes to valid applications, attackers can seamlessly inject code into genuine executables without the user's knowledge.(Citation: Guardsquare Janus)\n\nAdversaries may also rebuild applications to include malicious modifications. This can be achieved by decompiling the genuine application, merging it with the malicious code, and recompiling it.(Citation: CheckPoint Agent Smith)\n\nAdversaries may also take action to conceal modifications to application executables and bypass user consent. These actions include altering modifications to appear as an update or exploiting vulnerabilities that allow activities of the malicious application to run inside a system application.(Citation: CheckPoint Agent Smith)", "kill_chain_phases": [ 
@@ -11868,12 +11865,44 @@ "phase_name": "persistence" } ], - "x_mitre_detection": "This behavior is seamless to the user and is typically undetectable.", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_detection": "This behavior is seamless to the user and is typically undetectable.", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", "x_mitre_tactic_type": [ "Post-Adversary Device Access" - ] + ], + "type": "attack-pattern", + "id": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", + "created": "2020-05-07T15:24:49.068Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1577", + "external_id": "T1577" + }, + { + "source_name": "Guardsquare Janus", + "description": "Guarsquare. (2017, November 13). New Android vulnerability allows attackers to modify apps without affecting their signatures. Retrieved May 7, 2020.", + "url": "https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures" + }, + { + "source_name": "CheckPoint Agent Smith", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020.", + "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ @@ -12652,7 +12681,8 @@ ], "modified": "2018-10-17T01:05:10.701Z", "name": "Fake Developer Accounts", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ 
@@ -13253,7 +13283,8 @@ ], "modified": "2018-10-17T01:05:10.703Z", "name": "Device Unlock Code Guessing or Brute Force", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ @@ -13366,7 +13397,8 @@ ], "modified": "2018-10-17T01:05:10.704Z", "name": "Malicious or Vulnerable Built-in Device Functionality", - "x_mitre_version": "1.0" + "x_mitre_version": "1.0", + "x_mitre_is_subtechnique": false }, { "x_mitre_platforms": [ 
@@ -13739,6499 +13771,15 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0", - "created": "2022-04-01T16:52:03.322Z", + "id": "relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6", + "created": "2022-04-05T19:54:12.660Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, "description": "", - "modified": "2022-04-01T16:52:03.322Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d32003ba-959b-4377-aa04-f75275c32abf", - "created": "2019-07-16T14:33:12.144Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Triada June 2019", - "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", - "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Triada](https://attack.mitre.org/software/S0424) utilized HTTP to exfiltrate data through POST requests to the command and control server.(Citation: Google Triada June 2019) ", - "modified": "2022-04-20T17:43:35.227Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962", - "created": "2022-03-30T19:54:07.548Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Device attestation could detect devices with unauthorized or unsafe modifications. ", - "modified": "2022-03-30T19:54:07.548Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--352fabc8-48fe-4190-92b3-49b00348bb22", - "created": "2019-03-11T15:13:40.454Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TrendMicro-Anserver", - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-uses-blog-posts-as-cc/", - "description": "Karl Dominguez. (2011, October 2). 
Android Malware Uses Blog Posts as C&C. Retrieved February 6, 2017." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) uses encrypted content within a blog site for part of its command and control. Specifically, the encrypted content contains URLs for other servers to be used for other aspects of command and control.(Citation: TrendMicro-Anserver)", - "modified": "2022-04-18T19:04:48.388Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8", - "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca", - "created": "2020-09-11T16:22:03.285Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s contact list.(Citation: Lookout ViperRAT)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-EnterpriseApps", - "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/", - "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[AndroRAT](https://attack.mitre.org/software/S0292) captures SMS messages.(Citation: Lookout-EnterpriseApps)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48", - "created": "2020-09-24T15:34:51.298Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Dendroid", - "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/", - "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Dendroid](https://attack.mitre.org/software/S0301) can intercept SMS messages.(Citation: Lookout-Dendroid)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cc49561f-8364-4908-9111-ad3a6dcd922c", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2018-10-17T00:14:20.652Z", + "modified": "2022-04-05T19:54:12.660Z", "relationship_type": "revoked-by", - "source_ref": "attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213", - "created": "2022-04-20T17:31:58.697Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) has exfiltrated data using FTP.(Citation: TrendMicro Coronavirus Updates)", - "modified": "2022-04-20T17:31:58.697Z", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f", - "created": "2019-09-03T19:45:48.518Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can capture SMS messages.(Citation: SWB Exodus March 2019)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2018-10-17T00:14:20.652Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a", - "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--80778a1e-715d-477b-87fa-e92181b31659", - "created": "2020-12-24T21:45:56.967Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SilkBean](https://attack.mitre.org/software/S0549) can delete various piece of device data, such as contacts, call logs, applications, SMS messages, email, plugins, and files in external storage.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "NYTimes-BackDoor", - "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html", - "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted call logs.(Citation: NYTimes-BackDoor)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49", - "type": "relationship", - "created": "2020-12-24T22:04:28.004Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T22:04:28.004Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has checked for system root.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--66ba3094-7c14-41b9-b7c1-814d026156b9", - "type": "relationship", - "created": "2020-09-11T15:58:40.846Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." - } - ], - "modified": "2020-09-11T15:58:40.846Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can delete and send SMS messages.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--44b63426-1ea7-456e-907b-0856e3eab0c3", - "type": "relationship", - "created": "2020-12-31T18:25:05.142Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). 
The Secret Life of Sandworms. Retrieved December 31, 2020." - } - ], - "modified": "2020-12-31T18:25:05.142Z", - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has collected the device’s location.(Citation: CYBERWARCON CHEMISTGAMES)", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5", - "created": "2020-04-08T15:41:19.445Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Trend Micro Anubis", - "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html", - "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021." - }, - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the C2 address from Twitter and Telegram.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis)", - "modified": "2022-04-20T17:57:23.327Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71", - "created": "2019-07-10T15:42:09.606Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Dark Caracal](https://attack.mitre.org/groups/G0070) controls implants using standard HTTP communication.(Citation: Lookout Dark Caracal Jan 2018) ", - "modified": "2022-04-19T20:11:29.974Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--fb587f81-1300-438d-a33b-f8d08530788b", - "created": "2019-07-10T15:35:43.704Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pallas](https://attack.mitre.org/software/S0399) exfiltrates data using HTTP.(Citation: Lookout Dark Caracal Jan 2018)", - "modified": "2022-04-20T17:40:40.182Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler-SpyNote", - "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. 
Retrieved January 26, 2017.", - "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" - } - ], - "modified": "2019-10-10T15:24:09.378Z", - "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can copy files from the device to the C2 server.(Citation: Zscaler-SpyNote)", - "relationship_type": "uses", - "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--300c824d-5586-411b-b274-8941a99a98fb", - "created": "2022-03-30T14:06:01.859Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Device attestation can often detect jailbroken or rooted devices.", - "modified": "2022-03-30T14:06:01.859Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad", - "created": "2020-04-24T15:06:33.397Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. 
Retrieved April 24, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect the device’s call log.(Citation: TrendMicro Coronavirus Updates)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--83d95d05-7545-4295-894b-f33a2ba1063b", - "created": "2020-12-17T20:15:22.492Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[HenBox](https://attack.mitre.org/software/S0544) has registered several broadcast receivers.(Citation: Palo Alto HenBox)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CheckPoint-Charger", - "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.", - "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/" - } - ], - "modified": "2019-10-09T14:51:42.827Z", - "description": "[Charger](https://attack.mitre.org/software/S0323) encodes strings into binary arrays to make it difficult to inspect them. 
It also loads code from encrypted resources dynamically and includes meaningless commands that mask the actual commands passing through.(Citation: CheckPoint-Charger)", - "relationship_type": "uses", - "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd", - "type": "relationship", - "created": "2020-06-26T15:12:40.094Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "ESET DEFENSOR ID", - "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", - "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:12:40.094Z", - "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to perform actions on behalf of the user, including launching attacker-specified applications to steal data.(Citation: ESET DEFENSOR ID)", - "relationship_type": "uses", - "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--873b98de-d7cf-471b-9aa2-229eb03c9165", - "type": "relationship", - "created": "2020-09-15T15:18:12.459Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
- } - ], - "modified": "2020-09-15T15:18:12.459Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device information, including OS version and device model.(Citation: Cybereason FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) update and sends the location of the phone.(Citation: Lookout-Pegasus)", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TrendMicro-RCSAndroid", - "url": 
"http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect SMS, MMS, and Gmail messages.(Citation: TrendMicro-RCSAndroid)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb", - "created": "2019-09-04T15:38:56.881Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CyberMerchants-FlexiSpy", - "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", - "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect device contacts.(Citation: CyberMerchants-FlexiSpy)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--34f9aed0-48a7-4815-8456-5541a7b8210f", - "created": "2019-09-04T14:28:16.487Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Monokle", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Monokle](https://attack.mitre.org/software/S0407) can record the user's keystrokes.(Citation: Lookout-Monokle)", - "modified": "2022-04-15T17:34:52.414Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da", - "type": "relationship", - "created": "2021-09-24T14:52:41.308Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2021-09-24T14:52:41.308Z", - "description": " [Monokle](https://attack.mitre.org/software/S0407) can hook itself to appear invisible to the Process Manager.(Citation: Lookout-Monokle) ", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0", - "type": "relationship", - "created": "2020-12-24T21:55:56.686Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T21:55:56.686Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed common system information.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4efa4953-7854-4144-8837-d7831ccbe35d", - "type": "relationship", - "created": "2020-04-24T17:46:31.691Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T17:46:31.691Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect a list of installed applications.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://www.wandera.com/reddrop-malware/", - "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.", - "source_name": "Wandera-RedDrop" - } - ], - "modified": "2019-10-15T19:27:27.997Z", - "description": "[RedDrop](https://attack.mitre.org/software/S0326) collects and exfiltrates information including IMEI, IMSI, MNC, MCC, nearby Wi-Fi networks, and other device and SIM-related info.(Citation: Wandera-RedDrop)", - "relationship_type": "uses", - "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--adc9957c-fa57-4e81-9231-b60f01b69859", - "type": "relationship", - "created": "2020-12-24T22:04:28.010Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": 
"https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "modified": "2020-12-24T22:04:28.010Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) can download new code to update itself.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6c0105f3-e919-499d-b080-d127394d2837", - "created": "2022-03-30T18:14:23.210Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Typically, insecure or malicious configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). 
", - "modified": "2022-03-30T18:14:23.210Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51", - "created": "2022-04-01T12:37:17.515Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "OS feature updates often enhance security and privacy around permissions. ", - "modified": "2022-04-01T12:37:17.515Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76", - "created": "2019-10-18T14:50:57.472Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates frequently contain patches for known exploits.", - "modified": "2022-03-25T14:12:54.498Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - 
"object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e", - "type": "relationship", - "created": "2020-06-02T14:32:31.888Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Volexity Insomnia", - "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", - "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." - } - ], - "modified": "2020-06-02T14:32:31.888Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) obfuscates various pieces of information within the application.(Citation: Volexity Insomnia) ", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--32958f57-ad9b-4fe1-abf3-6f92df895014", - "type": "relationship", - "created": "2019-08-05T13:22:03.917Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-08-09T18:06:11.873Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) stores domain information and URL paths as hardcoded AES-encrypted, base64-encoded strings.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73", - "type": "relationship", - "created": "2020-07-20T14:12:15.566Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Check Point-Joker", - "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/", - "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020." 
- } - ], - "modified": "2020-07-20T14:12:15.566Z", - "description": "[Bread](https://attack.mitre.org/software/S0432) can collect device notifications.(Citation: Check Point-Joker)", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c", - "created": "2022-04-01T18:51:44.595Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.", - "modified": "2022-04-01T18:51:44.595Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1", - "type": "relationship", - "created": "2020-11-24T17:55:12.887Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
- } - ], - "modified": "2020-11-24T17:55:12.887Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s model, country, and Android version.(Citation: Talos GPlayed)", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42", - "type": "relationship", - "created": "2021-10-01T14:42:48.913Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." - } - ], - "modified": "2021-10-06T15:32:46.477Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can use its keylogger module to take screenshots of the area of the screen that the user tapped.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530", - "type": "relationship", - "created": "2020-01-27T17:05:58.213Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). 
Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.213Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of installed applications.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a", - "created": "2020-06-26T14:55:13.304Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[EventBot](https://attack.mitre.org/software/S0478) can display popups over running applications.(Citation: Cybereason EventBot)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16", - "type": "relationship", - "created": "2021-02-17T20:43:52.420Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
- } - ], - "modified": "2021-02-17T20:43:52.420Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has retrieved device images for exfiltration.(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224", - "type": "relationship", - "created": "2019-09-03T20:08:00.670Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "source_name": "Talos Gustuff Apr 2019" - } - ], - "modified": "2019-10-10T15:19:47.960Z", - "description": " [Gustuff](https://attack.mitre.org/software/S0406) can capture files and photos from the compromised device.(Citation: Talos Gustuff Apr 2019) ", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "ArsTechnica-HummingBad", - "description": "Dan Goodin. (2016, July 7). 
10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017.", - "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[HummingBad](https://attack.mitre.org/software/S0322) can exploit unfixed vulnerabilities in older Android versions to root victim phones.(Citation: ArsTechnica-HummingBad)", - "relationship_type": "uses", - "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9", - "type": "relationship", - "created": "2020-07-20T13:27:33.548Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "modified": "2020-08-10T22:00:43.490Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) uses `dumpsys` to determine if certain applications are running.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd", - "created": "2020-07-15T20:20:59.289Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can evade automated analysis environments by requiring a CAPTCHA on launch that will prevent the application from running if not passed. 
It also checks for indications that it is running in an emulator.(Citation: Bitdefender Mandrake)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "HackerNews-OldBoot", - "description": "Sudhir K Bansal. (2014, January 28). First widely distributed Android bootkit Malware infects more than 350,000 Devices. 
Retrieved December 21, 2016.", - "url": "http://thehackernews.com/2014/01/first-widely-distributed-android.html" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[OldBoot](https://attack.mitre.org/software/S0285) uses escalated privileges to modify the init script on the device's boot partition to maintain persistence.(Citation: HackerNews-OldBoot)", - "relationship_type": "uses", - "source_ref": "malware--2074b2ad-612e-4758-adce-7901c1b49bbc", - "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b356d405-f6b1-485b-bd35-236b9da766d2", - "type": "relationship", - "created": "2020-04-24T17:46:31.586Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-27T15:27:26.539Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can use the `MediaRecorder` class to record the screen when the targeted application is presented to the user, and can abuse accessibility features to record targeted applications to intercept transaction authorization numbers (TANs) and to scrape on-screen text.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--be17dc63-5b0a-491a-be5f-132058444c3a", - "type": "relationship", - "created": "2019-08-09T17:52:13.352Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" - } - ], - "modified": "2019-08-09T17:52:31.877Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to take pictures using the device camera.(Citation: Lookout-PegasusAndroid)", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce", - "created": "2022-04-01T18:42:50.381Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Providing user guidance around commonly abused features, such as the modal that requests for administrator permissions, should aid in preventing impairing defenses.", - "modified": "2022-04-01T18:42:50.381Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2", - "created": "2019-09-03T20:08:00.704Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos Gustuff Apr 2019", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "description": "Vitor Ventura. (2019, April 9). 
Gustuff banking botnet targets Australia . Retrieved September 3, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Gustuff](https://attack.mitre.org/software/S0406) code is both obfuscated and packed with an FTT packer.(Citation: Talos Gustuff Apr 2019)", - "modified": "2022-04-15T17:18:58.074Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--82f12052-783e-40e4-8079-d9c030c310fd", - "created": "2022-03-30T20:08:40.223Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android and iOS include system partition integrity mechanisms that could detect unauthorized modifications. 
", - "modified": "2022-03-30T20:08:40.223Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", - "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--eb784dcf-4188-47e2-9217-837b262acfb9", - "created": "2022-04-01T18:43:01.860Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.", - "modified": "2022-04-01T18:43:01.860Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--42342d72-a37c-477e-b8f1-1768273fcb7f", - "created": "2019-10-18T15:51:48.451Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be advised not to grant consent for screen captures to occur unless expected. Users should avoid enabling USB debugging (Android Debug Bridge) unless explicitly required. 
", - "modified": "2022-04-01T13:32:32.335Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4b68bcb1-a512-40f7-9aee-235b3668f022", - "type": "relationship", - "created": "2020-01-27T17:05:58.271Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.271Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain clipboard contents.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--07dd3318-2965-4085-be64-a8e956c7b8da", - "type": "relationship", - "created": "2020-12-18T20:14:47.319Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": 
"https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." - } - ], - "modified": "2020-12-18T20:14:47.319Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has stored encoded strings.(Citation: WhiteOps TERRACOTTA)", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50", - "created": "2020-06-26T15:32:25.025Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain the device’s contact list.(Citation: Threat Fabric Cerberus)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3c43d125-6719-420e-bb69-878cc91c2474", - "created": "2020-09-15T15:18:12.428Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can register for the `BOOT_COMPLETED` broadcast Intent.(Citation: Cybereason FakeSpy)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--14143e21-51bf-4fa7-a949-d22a8271f590", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", - "source_name": "TrendMicro-RCSAndroid" - } - ], - "modified": "2019-08-09T17:53:48.780Z", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record audio using the device microphone.(Citation: TrendMicro-RCSAndroid)", - "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3", - "created": "2020-12-14T14:52:03.283Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP requests over port 7878.(Citation: Sophos Red Alert 2.0)", - "modified": "2022-04-20T16:43:23.973Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--14474366-938a-4359-bf24-e2c718adfaf5", - "type": "relationship", - "created": "2020-06-26T14:55:13.382Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T14:55:13.382Z", - "description": "[EventBot](https://attack.mitre.org/software/S0478) can download new libraries when instructed to.(Citation: Cybereason EventBot)", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a", - "created": "2020-06-26T15:32:24.962Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Cerberus](https://attack.mitre.org/software/S0480) hides its icon from the application drawer after being launched for the first time.(Citation: Threat Fabric Cerberus)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4", - "type": "relationship", - "created": "2020-06-02T14:32:31.885Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", - "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
- } - ], - "modified": "2020-06-02T14:32:31.885Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can track the device’s location.(Citation: Google Project Zero Insomnia)", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8f2929a9-cd25-4e07-b402-447da68aaa56", - "created": "2020-04-24T15:06:33.455Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)", - "modified": "2022-04-20T17:30:39.449Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2cdd5474-620c-499e-8b9c-835505febc2c", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky-MobileMalware", - "url": "https://securelist.com/mobile-malware-evolution-2013/58335/", - "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Trojan-SMS.AndroidOS.OpFake.a](https://attack.mitre.org/software/S0308) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)", - "modified": "2022-04-19T20:07:56.150Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--d89c132d-7752-4c7f-9372-954a71522985", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d", - "created": "2022-04-01T17:06:06.950Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to location information. Users should also protect their account credentials and enable multi-factor authentication options when available. 
", - "modified": "2022-04-01T17:06:06.950Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--891edea2-817c-4eeb-9991-b6e095c269a8", - "created": "2020-06-02T14:32:31.903Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", - "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve the call history.(Citation: Google Project Zero Insomnia)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4896e256-fb04-403c-bbb7-2323b158a6e0", - "created": "2022-03-30T19:52:05.143Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T19:52:05.143Z", - "relationship_type": "subtechnique-of", - "source_ref": 
"attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", - "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7accde36-cb29-43c6-8c66-6486efd867a8", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" - } - ], - "modified": "2019-10-10T15:27:22.157Z", - "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather GPS coordinates.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "PaloAlto-SpyDealer", - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) enables remote control of the victim through SMS channels.(Citation: PaloAlto-SpyDealer)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53", - "type": "relationship", - "created": "2020-07-15T20:20:59.318Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." - } - ], - "modified": "2020-07-15T20:20:59.318Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) uses foreground persistence to keep a service running. 
It shows the user a transparent notification to evade detection.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298", - "created": "2020-12-14T15:02:35.297Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Securelist Asacub", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect the device’s contact list.(Citation: Securelist Asacub)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--142532a6-bf7c-4b25-be23-16f01160f3c5", - "type": "relationship", - "created": "2020-09-15T15:18:12.417Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. 
(2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." - } - ], - "modified": "2020-09-15T15:18:12.417Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect account information stored on the device, as well as data in external storage.(Citation: Cybereason FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f", - "created": "2022-04-01T12:50:48.459Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T12:50:48.459Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--62adb627-f647-498e-b4cc-41499361bacb", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f0e39856-4d2d-45c5-bf16-f683ee993010", - "created": "2022-03-30T18:18:15.915Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T18:18:15.915Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--919a13bc-74be-4660-af63-454abee92635", - "type": "relationship", - "created": "2019-03-11T15:13:40.408Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. Retrieved November 30, 2018.", - "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A", - "source_name": "TrendMicro-Anserver2" - } - ], - "modified": "2019-08-05T20:05:25.571Z", - "description": "\n[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device IMEI and IMSI.(Citation: TrendMicro-Anserver2)", - "relationship_type": "uses", - "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--442dd700-2d7d-4cad-8282-9027e4f69133", - "created": "2022-03-30T20:31:41.927Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "New OS releases frequently contain additional limitations or controls around device location access.", - "modified": "2022-03-30T20:31:41.927Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca", - "created": "2019-09-03T19:45:48.510Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [Exodus](https://attack.mitre.org/software/S0405) Two collects a list of nearby base stations.(Citation: SWB Exodus March 2019) ", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) was distributed through a web site by exploiting vulnerabilities in the Safari web browser on iOS devices.(Citation: Lookout-Pegasus)", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f65087b4-adf2-4292-a711-7ae829e91397", - "type": "relationship", - "created": "2019-09-04T14:28:16.385Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-09-04T14:32:12.877Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can list applications installed on the device.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf", - "type": "relationship", - "created": "2020-09-11T14:54:16.617Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T14:54:16.617Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect account information stored on the device.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce", - "type": "relationship", - "created": "2019-09-04T14:28:15.975Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-10-14T17:51:38.054Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) queries the device for metadata such as make, model, and power levels.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1", - "created": "2020-10-29T17:48:27.175Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": 
"https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Exobot](https://attack.mitre.org/software/S0522) can lock the device with a password and permanently disable the screen.(Citation: Threat Fabric Exobot)", - "modified": "2022-04-18T19:25:32.400Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52", - "created": "2019-09-23T13:36:08.459Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Rotexy](https://attack.mitre.org/software/S0411) can use phishing overlays to capture users' credit card information.(Citation: securelist rotexy 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "ArsTechnica-HummingBad", - "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/", - "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[HummingBad](https://attack.mitre.org/software/S0322) can create fraudulent statistics inside the official Google Play Store.(Citation: ArsTechnica-HummingBad)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85", - "type": "relationship", - "created": "2020-11-20T16:37:28.547Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-11-20T16:37:28.547Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect various pieces of device information, such as serial number and product information.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Kaspersky-WUC", - "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. 
Retrieved December 23, 2016.", - "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" - } - ], - "modified": "2019-10-15T19:54:10.285Z", - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) gathered system information including phone number, OS version, phone model, and SDK version.(Citation: Kaspersky-WUC)", - "relationship_type": "uses", - "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky-WUC", - "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/", - "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used HTTP uploads to a URL as a command and control mechanism.(Citation: Kaspersky-WUC)", - "modified": "2022-04-19T20:08:40.140Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7", - "created": "2022-04-15T16:00:43.483Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "SecureList DVMap June 2017", - "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", - "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Dvmap](https://attack.mitre.org/software/S0420) can turn off `VerifyApps`, and can grant Device Administrator permissions via commands only, rather than using the UI.(Citation: SecureList DVMap June 2017)", - "modified": "2022-04-15T16:00:43.483Z", - "relationship_type": "uses", - "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c", - "created": "2019-11-21T19:16:34.820Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CheckPoint SimBad 2019", - "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/", - "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SimBad](https://attack.mitre.org/software/S0419) generates fraudulent advertising revenue by displaying ads in the background and by opening the browser and displaying ads.(Citation: CheckPoint SimBad 2019)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--68c17e9b-1fda-49dd-982b-566d473cc32b", - "created": "2022-04-06T15:51:11.939Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T15:51:11.939Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TrendMicro-XLoader", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/", - "description": "Lorin Wu. (2018, April 19). 
XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects SMS messages.(Citation: TrendMicro-XLoader)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d", - "type": "relationship", - "created": "2019-08-09T18:06:11.672Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-08-09T18:06:11.672Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) can take pictures with both the front and rear-facing cameras.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f", - "created": "2020-06-02T14:32:31.906Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Volexity Insomnia", - "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", - "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has communicated with the C2 using HTTPS requests over ports 43111, 43223, and 43773.(Citation: Volexity Insomnia)", - "modified": "2022-04-20T16:40:05.898Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CheckPoint-Judy", - "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. 
Retrieved September 18, 2018.", - "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Judy](https://attack.mitre.org/software/S0325) bypasses Google Play's protections by downloading a malicious payload at runtime after installation.(Citation: CheckPoint-Judy)", - "relationship_type": "uses", - "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bba8b056-acbe-4fed-b890-965a446d7a3c", - "created": "2022-04-01T18:45:00.923Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be warned against granting access to accessibility features and device administration services, and to carefully scrutinize applications that request these dangerous permissions. 
Users should be taught how to boot into safe mode to uninstall malicious applications that may be interfering with the uninstallation process.", - "modified": "2022-04-01T18:45:00.923Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b", - "type": "relationship", - "created": "2020-12-17T20:15:22.397Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "modified": "2020-12-17T20:15:22.397Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can steal data from various sources, including chat, communication, and social media apps.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Zscaler-SuperMarioRun", - "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat", - "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures call data.(Citation: Zscaler-SuperMarioRun)", - "modified": "2022-05-20T17:13:16.510Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3", - "type": "relationship", - "created": "2020-09-11T14:54:16.615Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T14:54:16.615Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record videos.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--670a0995-a789-4674-9e91-c74316cdef90", - "type": "relationship", - "created": "2020-09-11T14:54:16.621Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T14:54:16.621Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record audio from phone calls and the device microphone.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4009ff40-4616-4b1c-bff9-599e52ccab37", - "created": "2020-01-27T17:05:58.263Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Trend Micro Bouncing Golf 2019", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s contact list.(Citation: Trend Micro Bouncing Golf 2019)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13", - "created": "2020-10-29T17:48:27.425Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Exobot](https://attack.mitre.org/software/S0522) has registered to receive the `BOOT_COMPLETED` broadcast intent.(Citation: Threat Fabric Exobot)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e35b013b-89e8-41b3-a518-7737234ab71b", - "type": "relationship", - "created": "2020-01-27T17:05:58.312Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.312Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can take screenshots.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8b27a786-b4d9-4014-a249-3725442f9f1d", - "type": "relationship", - "created": "2021-01-05T20:16:20.499Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "modified": "2021-01-05T20:16:20.499Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can obtain a list of installed applications.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5aa167b8-4166-440b-b49f-bf1bab597237", - "created": "2019-11-21T16:42:48.441Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList - ViceLeaker 2019", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect the device’s call log.(Citation: SecureList - ViceLeaker 2019)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80", - "created": "2022-03-31T19:51:41.431Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "iOS users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.", - "modified": "2022-03-31T19:51:41.431Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--950e1476-83ca-4e81-b542-c91a19b206d7", - "type": "relationship", - "created": "2020-04-24T17:46:31.466Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": 
"https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." - } - ], - "modified": "2020-04-24T17:46:31.466Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device information such as network operator, model, brand, and OS version.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6", - "created": "2022-03-30T15:18:21.256Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T15:18:21.256Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0", - "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Xiao-ZergHelper", - "description": "Claud Xiao. (2016, February 21). 
Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review. Retrieved December 12, 2016.", - "url": "http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[ZergHelper](https://attack.mitre.org/software/S0287) attempts to extend its capabilities via dynamic updating of its code.(Citation: Xiao-ZergHelper)", - "relationship_type": "uses", - "source_ref": "malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--88ded3fb-759e-4e96-946b-e7148c54856e", - "created": "2022-04-08T16:29:30.371Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-08T16:29:30.371Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9", - "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a", - "created": "2019-11-21T19:16:34.796Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CheckPoint SimBad 2019", - "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/", - "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). 
SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SimBad](https://attack.mitre.org/software/S0419) hides its icon from the application launcher.(Citation: CheckPoint SimBad 2019)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--694857ba-92e8-462e-8900-a9f6fdcf495d", - "type": "relationship", - "created": "2020-12-31T18:25:05.133Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
- } - ], - "modified": "2020-12-31T18:25:05.133Z", - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has encrypted its DEX payload.(Citation: CYBERWARCON CHEMISTGAMES)", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625", - "created": "2022-03-31T16:33:55.074Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-31T16:33:55.074Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2", - "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a54c8c09-c849-4146-a7cc-158887222a6d", - "created": "2020-12-24T21:45:56.969Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access SMS messages.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad", - "created": "2020-12-24T21:55:56.752Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploits to root devices and install additional malware on the system partition.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-19T16:32:53.368Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4af26643-880f-4c34-a4a8-23e89b950c9d", - "created": "2019-09-04T15:38:56.883Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CyberMerchants-FlexiSpy", - "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", - "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect the device calendars.(Citation: CyberMerchants-FlexiSpy)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c", - "type": "relationship", - "created": "2020-06-26T14:55:13.380Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." - } - ], - "modified": "2020-06-26T14:55:13.380Z", - "description": "[EventBot](https://attack.mitre.org/software/S0478) dynamically loads its malicious functionality at runtime from an RC4-encrypted TTF file. 
[EventBot](https://attack.mitre.org/software/S0478) also utilizes ProGuard to obfuscate the generated APK file.(Citation: Cybereason EventBot)", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6", - "created": "2020-01-21T14:20:50.409Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Bitdefender - Triout 2018", - "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", - "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) includes code to hide its icon, but the function does not appear to be called in an analyzed version of the software.(Citation: Bitdefender - Triout 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "FireEye-RuMMS", - "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html", - "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[RuMMS](https://attack.mitre.org/software/S0313) uploads incoming SMS messages to a remote command and control server.(Citation: FireEye-RuMMS)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4df6a22e-489f-400c-b953-cc53bfb708a3", - "type": "relationship", - "created": "2020-09-14T14:13:45.296Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout eSurv", - "url": "https://blog.lookout.com/esurv-research", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-14T14:13:45.296Z", - "description": "[eSurv](https://attack.mitre.org/software/S0507)’s iOS version can collect device information.(Citation: Lookout eSurv)", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7defdb15-65d1-40ca-a9da-5c0484892484", - "created": "2020-04-24T17:46:31.616Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can be controlled via encrypted SMS message.(Citation: SecurityIntelligence TrickMo)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1d828f51-1c04-466c-beaf-2d4de741a544", - "created": "2020-05-04T14:04:56.184Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Bread", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Bread](https://attack.mitre.org/software/S0432) can access SMS messages in order to complete carrier billing fraud.(Citation: Google Bread)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02", - "created": "2020-06-26T15:32:25.144Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CheckPoint Cerberus", - "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/", - "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 server using HTTP.(Citation: CheckPoint Cerberus)", - "modified": "2022-04-19T20:12:22.454Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b", - "type": "relationship", - "created": "2020-09-14T14:13:45.259Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout eSurv", - "url": "https://blog.lookout.com/esurv-research", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-14T14:13:45.259Z", - "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate device pictures.(Citation: Lookout eSurv)", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--57293fc9-8838-4acd-a16f-48f516d0921e", - "created": "2020-04-08T15:51:25.122Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "ThreatFabric Ginp", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Ginp](https://attack.mitre.org/software/S0423) hides its icon after installation.(Citation: ThreatFabric Ginp)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--24a7379e-a994-411b-b17c-add6c6c6fc07", - "type": "relationship", - "created": "2020-12-24T21:45:56.949Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T21:45:56.949Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) has hidden malicious functionality in a second stage file and has encrypted C2 server information.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f", - "type": "relationship", - "created": "2019-09-23T13:36:08.448Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "source_name": "securelist rotexy 2018" - } - ], - "modified": "2019-10-15T19:56:50.651Z", - "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about the compromised device, including phone number, network operator, OS version, device model, and the device registration country.(Citation: securelist rotexy 2018)", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--72a88d43-4144-444e-8f71-ac0d19ae3710", - "type": "relationship", - "created": "2020-09-14T14:13:45.256Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout eSurv", - "url": "https://blog.lookout.com/esurv-research", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." - } - ], - "modified": "2020-09-14T14:13:45.256Z", - "description": "[eSurv](https://attack.mitre.org/software/S0507) can track the device’s location.(Citation: Lookout eSurv)", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630", - "created": "2020-07-15T20:20:59.300Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can manipulate visual components to trick the user into granting dangerous permissions, and can use phishing overlays and JavaScript injection to capture credentials.(Citation: Bitdefender Mandrake)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6", - "type": "relationship", - "created": "2021-01-05T20:16:20.484Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "modified": "2021-01-05T20:16:20.484Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can track the device’s location.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b0625604-e4c4-402b-b191-f43137d38d99", - "created": "2020-11-20T15:44:57.481Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect sent and received SMS messages.(Citation: Symantec GoldenCup)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87", - "type": "relationship", - "created": "2020-05-04T14:04:56.217Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Bread", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." - } - ], - "modified": "2020-05-04T15:40:21.305Z", - "description": "[Bread](https://attack.mitre.org/software/S0432) has utilized JavaScript within WebViews that loaded a URL hosted on a Bread-controlled server which provided functions to run. 
[Bread](https://attack.mitre.org/software/S0432) downloads billing fraud execution steps at runtime.(Citation: Google Bread)", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-EnterpriseApps", - "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/", - "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects contact list information.(Citation: Lookout-EnterpriseApps)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414", - "created": "2019-10-18T14:50:57.521Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates frequently contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. 
", - "modified": "2022-03-30T20:08:17.127Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b5f3b110-fc66-4369-89f3-621c945d655f", - "type": "relationship", - "created": "2020-04-27T16:52:49.444Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Triada June 2019", - "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", - "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." - } - ], - "modified": "2020-04-27T16:52:49.444Z", - "description": "[Triada](https://attack.mitre.org/software/S0424) encrypts data prior to exfiltration.(Citation: Google Triada June 2019) ", - "relationship_type": "uses", - "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", - "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9", - "type": "relationship", - "created": "2020-09-11T15:52:12.520Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. 
Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." - } - ], - "modified": "2020-09-11T15:52:12.520Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can block, forward, hide, and send SMS messages.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61", - "type": "relationship", - "created": "2020-04-24T15:06:33.495Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T15:06:33.495Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can track the device’s location.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42", - "type": "relationship", - "created": "2020-11-10T17:08:35.593Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-11-10T17:08:35.593Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has seen native libraries used in some reported samples (Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5", - "created": "2019-08-08T18:47:57.655Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Android 10 Privacy Changes", - "url": "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data", - "description": "Android Developers. (n.d.). Privacy changes in Android 10. Retrieved September 11, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 10 introduced changes to prevent applications from accessing clipboard data if they are not in the foreground or set as the device’s default IME.(Citation: Android 10 Privacy Changes) ", - "modified": "2022-04-01T16:35:38.189Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--17e94f34-e367-491c-9f9f-79294e124b4f", - "created": "2020-12-17T20:15:22.501Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[HenBox](https://attack.mitre.org/software/S0544) can intercept SMS messages.(Citation: Palo Alto HenBox)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6", - "created": "2020-09-11T16:22:03.266Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect SMS messages.(Citation: Lookout ViperRAT)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c", - "created": "2020-12-14T14:52:03.385Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can fetch a backup C2 domain from Twitter if the primary C2 is unresponsive.(Citation: Sophos Red Alert 2.0)", - "modified": "2022-04-20T17:56:51.457Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7a50961b-9be4-4042-a6a0-878b612c520e", - "type": "relationship", - "created": "2019-07-10T15:25:57.602Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" - } - ], - "modified": "2019-08-12T17:30:07.571Z", - "description": "[FinFisher](https://attack.mitre.org/software/S0182) uses the device microphone to record phone conversations.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330", - "created": "2022-04-01T15:01:53.321Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores.", - "modified": "2022-04-01T15:01:53.321Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2e826926-fd5b-407c-adbc-e998058728d3", - "type": "relationship", - "created": "2019-09-04T15:38:56.786Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CyberMerchants-FlexiSpy", - "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", - 
"description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." - } - ], - "modified": "2019-09-10T14:59:26.139Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record both incoming and outgoing phone calls, as well as microphone audio.(Citation: CyberMerchants-FlexiSpy)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--27247071-356b-4b5f-bc8f-6436a3fec095", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-EnterpriseApps", - "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. 
Retrieved December 19, 2016.", - "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to collect and leak the victim's location.(Citation: Lookout-EnterpriseApps)", - "relationship_type": "uses", - "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" - } - ], - "modified": "2019-08-09T17:52:31.854Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses the list of installed applications.(Citation: Lookout-PegasusAndroid)", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://www.wandera.com/reddrop-malware/", - "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. 
Retrieved September 18, 2018.", - "source_name": "Wandera-RedDrop" - } - ], - "modified": "2019-10-15T19:56:13.162Z", - "description": "[RedDrop](https://attack.mitre.org/software/S0326) exfiltrates details of the victim device operating system and manufacturer.(Citation: Wandera-RedDrop)", - "relationship_type": "uses", - "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5706742b-733d-44e9-a032-62b81ba05bcf", - "created": "2020-06-02T14:32:31.897Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", - "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve SMS messages and iMessages.(Citation: Google Project Zero Insomnia)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3", - "type": "relationship", - "created": "2020-01-27T17:05:58.215Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.215Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of running processes.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9", - "created": "2022-03-30T14:26:02.359Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Android Changes to System Broadcasts", - "url": "https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts", - "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts) ", - "modified": "2022-03-30T14:26:02.359Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e", - "type": "relationship", - "created": "2020-04-24T15:06:33.519Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T15:06:33.519Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect messages from GSM, WhatsApp, Telegram, Facebook, and Threema by reading the application’s notification content.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab", - "created": "2022-04-11T20:06:38.811Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security products that are part of the Samsung Knox for Mobile Threat Defense program could examine running applications while the device is idle, potentially detecting malicious applications that are running primarily when the device is not being used.", - "modified": "2022-04-11T20:06:38.811Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e3a961ec-8184-4143-b8c2-c33ea0503678", - "type": "relationship", - "created": "2020-09-24T15:34:51.315Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Dendroid", - "description": "Marc Rogers. (2014, March 6). 
Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.", - "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" - } - ], - "modified": "2020-09-24T15:34:51.315Z", - "description": "[Dendroid](https://attack.mitre.org/software/S0301) can take photos and record videos.(Citation: Lookout-Dendroid)", - "relationship_type": "uses", - "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--901492b5-b074-4631-ad6e-4178caa4164a", - "type": "relationship", - "created": "2020-12-24T22:04:28.017Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T22:04:28.017Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has recorded calls and environment audio in .amr format.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc", - "type": "relationship", - "created": "2020-07-15T20:20:59.298Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.298Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) obfuscates its hardcoded C2 URLs.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4f812a57-efdc-463b-bf37-baa4bca7502b", - "created": "2020-05-04T14:22:20.348Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can uninstall itself from a device on command by abusing the accessibility service.(Citation: SecurityIntelligence TrickMo) ", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--91831379-b0da-4019-a7bb-17e53cda9d0b", - "type": "relationship", - "created": "2020-12-31T18:25:05.131Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
- } - ], - "modified": "2020-12-31T18:25:05.131Z", - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has utilized native code to decrypt its malicious payload.(Citation: CYBERWARCON CHEMISTGAMES)", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c", - "type": "relationship", - "created": "2021-02-17T20:43:52.410Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
- } - ], - "modified": "2021-02-17T20:43:52.410Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has searched for pdf, doc, docx, ppt, pptx, xls, and xlsx file types for exfiltration.(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-BrainTest", - "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. 
Retrieved December 21, 2016.", - "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "Original samples of [BrainTest](https://attack.mitre.org/software/S0293) download their exploit packs for rooting from a remote server after installation.(Citation: Lookout-BrainTest)", - "relationship_type": "uses", - "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa", - "type": "relationship", - "created": "2020-11-24T17:55:12.804Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
- } - ], - "modified": "2020-11-24T17:55:12.804Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) has the capability to remotely load plugins and download and compile new .NET code.(Citation: Talos GPlayed) ", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9", - "created": "2020-04-08T15:51:25.149Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "ThreatFabric Ginp", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Ginp](https://attack.mitre.org/software/S0423) can download the device’s contact list.(Citation: ThreatFabric Ginp)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8", - "created": "2022-04-15T15:57:32.958Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can enable app installation from unknown sources.(Citation: Bitdefender Mandrake)", - "modified": "2022-04-15T15:57:32.958Z", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--33857221-2543-4a7f-8255-b0d140d70ad7", - "type": "relationship", - "created": "2020-07-20T13:27:33.461Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "modified": "2020-08-10T21:57:54.686Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record call audio.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--716f68ee-1e77-4254-8f67-d8f3c71db678", - "type": "relationship", - "created": "2021-09-20T13:59:00.498Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2021-09-20T13:59:00.498Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via phone call from a set of \"control phones.\"(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--48552acc-5f1a-422f-90fa-37108446f36d", - "created": "2022-03-30T19:14:20.374Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T19:14:20.374Z", - "relationship_type": "revoked-by", - 
"source_ref": "attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa", - "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ce645a25-160f-443d-b288-fdd108b78a06", - "created": "2020-09-11T16:22:03.269Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s call log.(Citation: Lookout ViperRAT)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6d2c7743-fc75-4524-b217-13867ca1dd10", - "created": "2019-09-03T20:08:00.649Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos Gustuff Apr 2019", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . 
Retrieved September 3, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [Gustuff](https://attack.mitre.org/software/S0406) can collect the contact list.(Citation: Talos Gustuff Apr 2019) ", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e", - "type": "relationship", - "created": "2021-01-05T20:16:20.512Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "modified": "2021-01-05T20:16:20.512Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can check the device’s battery status.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--828417ec-c444-41c8-95b4-c339c5ecf62b", - "created": "2022-03-30T20:48:00.360Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "iOS users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.", - "modified": "2022-03-30T20:48:00.360Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7", - "type": "relationship", - "created": "2019-03-11T15:13:40.425Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. 
Retrieved November 30, 2018.", - "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A", - "source_name": "TrendMicro-Anserver2" - } - ], - "modified": "2019-10-15T19:55:04.517Z", - "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device OS version, device build version, manufacturer, and model.(Citation: TrendMicro-Anserver2)", - "relationship_type": "uses", - "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "PaloAlto-SpyDealer", - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) maintains persistence by installing an Android application package (APK) on the system partition.(Citation: PaloAlto-SpyDealer)", - "modified": "2022-04-15T16:02:14.739Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--34b6abb0-d199-46bb-af21-b65560e75658", - "created": "2022-04-01T19:06:40.361Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T19:06:40.361Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257", - "type": "relationship", - "created": "2020-10-29T17:48:27.469Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. 
Retrieved October 29, 2020." - } - ], - "modified": "2020-10-29T17:48:27.469Z", - "description": "[Exobot](https://attack.mitre.org/software/S0522) can forward SMS messages.(Citation: Threat Fabric Exobot)", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d13724d0-a5e2-433b-86bf-ead04359edec", - "created": "2022-04-01T15:13:10.022Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "iOS Universal Links", - "url": "https://developer.apple.com/ios/universal-links/", - "description": "Apple. (n.d.). Universal Links for Developers. Retrieved September 11, 2020." - }, - { - "source_name": "Android App Links", - "url": "https://developer.android.com/training/app-links/verify-site-associations", - "description": "Google. (n.d.). Verify Android App Links. Retrieved September 11, 2020." - }, - { - "source_name": "IETF-PKCE", - "url": "https://tools.ietf.org/html/rfc7636", - "description": "N. Sakimura, J. Bradley, and N. Agarwal. (2015, September). IETF RFC 7636: Proof Key for Code Exchange by OAuth Public Clients. Retrieved December 21, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Developers should use Android App Links(Citation: Android App Links) and iOS Universal Links(Citation: iOS Universal Links) to provide a secure binding between URIs and applications, preventing malicious applications from intercepting redirections. Additionally, for OAuth use cases, PKCE(Citation: IETF-PKCE) should be used to prevent use of stolen authorization codes. 
", - "modified": "2022-04-01T15:13:10.022Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", - "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad", - "created": "2021-10-01T14:42:49.159Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can utilize the device’s sensors to determine when the device is in use and subsequently hide malicious activity. 
When active, it attempts to hide its malicious activity by turning the screen’s brightness as low as possible and muting the device.(Citation: SecureList BusyGasper)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky-WUC", - "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/", - "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole contact list data stored both on the the phone and the SIM card.(Citation: Kaspersky-WUC)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c", - "created": "2022-04-01T14:59:39.294Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Apple regularly provides security updates for known OS vulnerabilities.", - "modified": "2022-04-01T14:59:39.294Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357", - "type": "relationship", - "created": "2020-12-17T20:15:22.408Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). 
HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." - } - ], - "modified": "2020-12-17T20:15:22.408Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can track the device’s location.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d", - "type": "relationship", - "created": "2021-02-08T16:36:20.774Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." - } - ], - "modified": "2021-05-24T13:16:56.495Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted application strings using AES in ECB mode and Blowfish, and stored strings encoded in hex during Operation BULL. 
Further, in Operation BULL, encryption keys were stored within the application’s launcher icon file.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25", - "type": "relationship", - "created": "2020-09-11T15:55:43.774Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2020-09-11T15:55:43.774Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) deletes incoming SMS messages from specified numbers, including those that contain particular strings.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415", - "created": "2022-03-30T14:50:07.291Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Device attestation could detect unauthorized operating system modifications.", - "modified": "2022-03-30T14:50:07.291Z", - "relationship_type": "mitigates", - 
"source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-EnterpriseApps", - "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.", - "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[AndroRAT](https://attack.mitre.org/software/S0292) gathers audio from the microphone.(Citation: Lookout-EnterpriseApps)", - "relationship_type": "uses", - "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b402664b-a5b4-45e4-832f-02638e6c67a7", - "created": "2022-04-01T14:59:17.991Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores. 
", - "modified": "2022-04-01T14:59:17.991Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "NYTimes-BackDoor", - "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html", - "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted the full contents of text messages.(Citation: NYTimes-BackDoor)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f92fe9dd-7296-42f6-904e-e245c438376e", - "created": "2020-12-14T15:02:35.291Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Securelist Asacub", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Asacub](https://attack.mitre.org/software/S0540) can request device administrator permissions.(Citation: Securelist Asacub)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea", - "type": "relationship", - "created": "2020-07-15T20:20:59.377Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.377Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect all accounts stored on the device.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TrendMicro-XLoader", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/", - "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) requests Android Device Administrator access.(Citation: TrendMicro-XLoader)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a", - "created": "2021-01-07T17:02:31.805Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [Tiktok Pro](https://attack.mitre.org/software/S0558) can access the device's contact list.(Citation: Zscaler TikTok Spyware) ", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--418168ad-fee9-42c8-ac27-11f7472a5f86", - "created": "2019-09-03T19:45:48.498Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [Exodus](https://attack.mitre.org/software/S0405) One checks in with the command and control server using HTTP POST requests.(Citation: SWB Exodus March 2019) ", - "modified": "2022-04-19T20:09:24.725Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74", - "type": "relationship", - "created": "2021-01-05T20:16:20.511Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "modified": "2021-01-05T20:16:20.511Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has contained an alarm that triggers every three minutes and timers for communicating with the C2.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265", - "created": "2021-04-19T14:29:46.510Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [SilkBean](https://attack.mitre.org/software/S0549) has used HTTPS for C2 communication.(Citation: Lookout Uyghur Campaign) ", - "modified": "2022-04-19T20:07:13.475Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--33316f49-f1fb-453a-9ba7-d6889982a010", - "type": "relationship", - "created": "2020-07-20T13:27:33.459Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "modified": "2020-08-10T21:57:54.516Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can obtain a list of installed applications.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf", - "type": "relationship", - "created": "2020-09-11T15:43:49.309Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." - } - ], - "modified": "2020-09-11T15:43:49.309Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can send SMS messages from a device.(Citation: Threat Fabric Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c", - "created": "2019-09-03T20:08:00.687Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos Gustuff Apr 2019", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "description": "Vitor Ventura. 
(2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [Gustuff](https://attack.mitre.org/software/S0406) can intercept two-factor authentication codes transmitted via SMS.(Citation: Talos Gustuff Apr 2019) ", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87", - "type": "relationship", - "created": "2020-06-26T15:12:40.098Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "ESET DEFENSOR ID", - "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", - "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:12:40.098Z", - "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can retrieve a list of installed applications.(Citation: ESET DEFENSOR ID)", - "relationship_type": "uses", - "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3f81a680-3151-4608-b83f-550756632013", - "type": "relationship", - "created": "2020-07-20T13:58:53.604Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro-XLoader-FakeSpy", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", - "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
- } - ], - "modified": "2020-09-24T15:12:24.301Z", - "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s IMEM, ICCID, and MEID.(Citation: TrendMicro-XLoader-FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f989562f-41a8-46d3-94ba-fca7269ae592", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2019-08-09T17:59:49.072Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) is delivered via a a watering hole website that mimics the third-party Android app store APKMonk. 
In at least one case, the watering hole URL was distributed through Facebook Messenger.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9373912a-affa-4a3c-ad97-1b8311e228ee", - "type": "relationship", - "created": "2019-09-04T14:28:15.991Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-09-04T14:32:12.803Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) checks if the device is connected via Wi-Fi or mobile data.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--119b848b-84b4-4f86-a265-0c9eb8680072", - "created": "2021-10-01T14:42:49.171Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). 
BusyGasper – the unfriendly spy. Retrieved October 1, 2021." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can be controlled via IRC using freenode.net servers.(Citation: SecureList BusyGasper)", - "modified": "2022-04-18T19:01:58.546Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae", - "type": "relationship", - "created": "2021-02-17T20:43:52.407Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
- } - ], - "modified": "2021-02-17T20:43:52.407Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has gathered the device manufacturer, model, and serial number.(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089", - "created": "2022-03-28T19:41:27.610Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Application developers should be cautious when selecting third-party libraries to integrate into their application.", - "modified": "2022-03-28T19:41:27.610Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Gooligan Citation", - "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. 
Retrieved December 12, 2016.", - "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/" - } - ], - "modified": "2019-10-10T15:18:51.154Z", - "description": "[Gooligan](https://attack.mitre.org/software/S0290) executes Android root exploits.(Citation: Gooligan Citation)", - "relationship_type": "uses", - "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e7b7e813-4867-46fe-bf86-6f367553d765", - "type": "relationship", - "created": "2019-11-21T16:42:48.456Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "source_name": "SecureList - ViceLeaker 2019" - }, - { - "source_name": "Bitdefender - Triout 2018", - "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", - "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." 
- } - ], - "modified": "2020-01-21T14:20:50.455Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can copy arbitrary files from the device to the C2 server, can exfiltrate browsing history, can exfiltrate the SD card structure, and can exfiltrate pictures as the user takes them.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82", - "type": "relationship", - "created": "2020-09-11T16:22:03.301Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T16:22:03.301Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect system information, including brand, manufacturer, and serial number.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--afba6b19-7486-4e5a-8fda-e91852b0b354", - "type": "relationship", - "created": "2021-09-20T13:42:21.104Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2021-09-27T18:05:43.107Z", - "description": "Users should be encouraged to be very careful with what applications they grant phone call-based permissions to. Further, users should not change their default call handler to applications they do not recognize.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794", - "type": "relationship", - "created": "2020-04-08T15:41:19.451Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. 
Retrieved April 8, 2020." - } - ], - "modified": "2020-04-08T15:41:19.451Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect the device’s ID.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "PaloAlto-Xbot", - "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. 
Retrieved December 21, 2016.", - "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Xbot](https://attack.mitre.org/software/S0298) can encrypt the victim's files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.(Citation: PaloAlto-Xbot)", - "relationship_type": "uses", - "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", - "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688", - "created": "2020-05-07T15:33:32.910Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CheckPoint Agent Smith", - "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", - "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can hide its icon from the application launcher.(Citation: CheckPoint Agent Smith)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012", - "type": "relationship", - "created": "2020-12-14T14:52:03.218Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
- } - ], - "modified": "2020-12-14T14:52:03.218Z", - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can obtain the running application.(Citation: Sophos Red Alert 2.0)", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ac523dfb-36be-4402-acf2-abe98e183eef", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "ArsTechnica-HummingBad", - "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/", - "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "In July 2016, [HummingBad](https://attack.mitre.org/software/S0322) generated more than $300,000 per month in revenue from installing fraudulent apps and displaying malicious advertisements.(Citation: ArsTechnica-HummingBad)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4920a041-86f7-495b-896c-4d964950ed7e", - "type": "relationship", - "created": "2020-12-17T20:15:22.454Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "modified": "2020-12-17T20:15:22.454Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) has contained native libraries.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0", - "created": "2022-04-11T20:05:56.540Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-11T20:05:56.540Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", - "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d", - "created": "2019-07-10T15:25:57.585Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[FinFisher](https://attack.mitre.org/software/S0182) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb", - "created": "2019-08-09T16:19:02.782Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Android Capture Sensor 2019", - "url": "https://developer.android.com/about/versions/pie/android-9.0-changes-all#bg-sensor-access", - "description": "Android Developers. (, January). Android 9+ Privacy Changes . Retrieved August 27, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 9 and above restricts access to microphone, camera, and other sensors from background applications.(Citation: Android Capture Sensor 2019) ", - "modified": "2022-04-01T15:21:13.296Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2019-08-09T17:59:49.021Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can perform GPS location tracking as well as capturing coordinates as when an SMS message or call is received.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--93c20f43-6684-471c-910f-d9577f289677", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "In at least one case, [Stealth Mango](https://attack.mitre.org/software/S0328) may have been installed using physical access to the device by a repair shop.(Citation: Lookout-StealthMango)", - "modified": "2022-04-19T15:47:05.436Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50", - "type": "relationship", - "created": "2021-09-20T13:50:02.036Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "modified": "2021-09-20T13:50:02.036Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can make phone calls.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7d481598-ece7-469c-b231-619a804c25e5", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) captures SMS messages that the victim sends or receives.(Citation: Lookout-Pegasus)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "description": "Lookout. (2016). 
Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) accesses sensitive data in files, such as saving Skype calls by reading them out of the Skype database files.(Citation: Lookout-Pegasus)", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--06348e22-9a06-4e4c-a57c-e438462e7fce", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", - "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", - "source_name": "Kaspersky-Skygofree" - } - ], - "modified": "2019-08-09T18:08:07.173Z", - "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record audio via the microphone when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)", - "relationship_type": "uses", - "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe", - "created": "2017-10-25T14:48:53.746Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "A locked bootloader could prevent unauthorized modifications to protected operating system files. ", - "modified": "2022-03-30T20:07:33.678Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58", - "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d", - "type": "relationship", - "created": "2020-07-15T20:20:59.294Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. 
M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." - } - ], - "modified": "2020-07-15T20:20:59.294Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can obtain a list of installed applications.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) has the ability to record audio.(Citation: Lookout-Pegasus)", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae", - "created": "2020-12-24T22:04:27.902Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has used HTTP POST requests for C2.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-20T17:35:38.895Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--e8768455-4d0c-4e3c-a901-1fc871227745", - "created": "2022-03-30T17:54:56.603Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T17:54:56.603Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd", - "type": "relationship", - "created": "2020-04-08T18:55:29.205Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- }, - { - "source_name": "Trend Micro Anubis", - "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html", - "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021." - } - ], - "modified": "2021-01-20T16:01:19.565Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can exfiltrate files encrypted with the ransomware module from the device and can modify external storage.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis) ", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c", - "type": "relationship", - "created": "2021-02-17T20:43:52.324Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
- } - ], - "modified": "2021-02-17T20:43:52.324Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has collected phone metadata such as cell location, mobile country code (MCC), and mobile network code (MNC).(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://www.wandera.com/reddrop-malware/", - "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. 
Retrieved September 18, 2018.", - "source_name": "Wandera-RedDrop" - } - ], - "modified": "2019-09-10T13:14:39.009Z", - "description": "[RedDrop](https://attack.mitre.org/software/S0326) captures live recordings of the device's surroundings.(Citation: Wandera-RedDrop)", - "relationship_type": "uses", - "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f", - "created": "2020-06-24T18:24:35.707Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", - "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can extract the device’s keychain.(Citation: Google Project Zero Insomnia)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd", - "type": "relationship", - "created": "2019-09-04T15:38:56.597Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. 
Retrieved September 10, 2019.", - "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", - "source_name": "FortiGuard-FlexiSpy" - } - ], - "modified": "2019-09-10T14:59:25.979Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) encrypts its configuration file using AES.(Citation: FortiGuard-FlexiSpy)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2019-10-15T19:44:36.125Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collected and exfiltrated data from the device, including sensitive letters/documents, stored photos, and stored audio files.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0330db55-06e0-45a2-85a6-17617a37fdaf", - "created": "2022-04-06T13:57:49.186Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T13:57:49.186Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551", - "type": "relationship", - "created": "2021-02-08T16:36:20.698Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). 
BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." - } - ], - "modified": "2021-05-24T13:16:56.412Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included location tracking capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14", - "created": "2020-06-26T15:32:25.043Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Cerberus](https://attack.mitre.org/software/S0480) disables Google Play Protect to prevent its discovery and deletion in the future.(Citation: Threat Fabric Cerberus)", - "modified": "2022-04-15T15:49:23.497Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2", - "type": "relationship", - "created": "2020-06-26T15:32:25.062Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:32:25.062Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain a list of installed applications.(Citation: Threat Fabric Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962", - "created": "2019-09-23T13:36:08.456Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Rotexy](https://attack.mitre.org/software/S0411) can lock an HTML page in the foreground, requiring the user enter credit card information that matches information previously intercepted in SMS messages, such as the last 4 digits of a credit card number. 
If attempts to revoke administrator permissions are detected, [Rotexy](https://attack.mitre.org/software/S0411) periodically switches off the phone screen to inhibit permission removal.(Citation: securelist rotexy 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "NYTimes-BackDoor", - "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. 
Retrieved February 6, 2017.", - "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted location information.(Citation: NYTimes-BackDoor)", - "relationship_type": "uses", - "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590", - "created": "2019-09-23T13:36:08.543Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Rotexy](https://attack.mitre.org/software/S0411) can access and upload the contacts list to the command and control server.(Citation: securelist rotexy 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--58c857f8-4f40-48e0-b3ac-41944d82b576", - "created": "2020-12-24T22:04:27.991Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of contacts.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435", - "created": "2022-04-05T19:51:08.770Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Android 12 Features", - "url": "https://developer.android.com/about/versions/12/features", - "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)", - "modified": "2022-04-05T19:51:08.770Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91", - "created": "2020-10-29T19:21:23.187Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "WeLiveSecurity AdDisplayAshas", - "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", - "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can hide its icon and create a shortcut based on the C2 server response.(Citation: WeLiveSecurity AdDisplayAshas)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c", - "type": "relationship", - "created": "2019-09-03T19:45:48.512Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "modified": "2019-09-11T13:25:19.210Z", - "description": "[Exodus](https://attack.mitre.org/software/S0405) Two attempts to connect to port 22011 to provide a remote reverse shell.(Citation: SWB Exodus March 2019)", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71", - "created": "2022-04-18T15:49:00.561Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download text files with commands from an FTP server and exfiltrate data via email.(Citation: SecureList BusyGasper)", - "modified": "2022-04-18T15:49:00.561Z", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f776a4da-0fa6-414c-a705-e9e8b419e056", - "type": "relationship", - "created": "2020-06-26T15:32:25.058Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." - }, - { - "source_name": "CheckPoint Cerberus", - "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/", - "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:32:25.058Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can inject input to grant itself additional permissions without user interaction and to prevent application removal.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb", - "created": "2020-09-11T16:22:03.294Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s cell tower information.(Citation: Lookout ViperRAT)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d300eb82-5ca0-48aa-a45f-d34242545e27", - "created": "2022-03-30T15:08:28.814Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Device attestation could detect unauthorized operating system modifications. ", - "modified": "2022-03-30T15:08:28.814Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--15065492-1aef-4cf8-af3c-cc763eee5daf", - "created": "2020-09-24T15:34:51.213Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Dendroid", - "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/", - "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Dendroid](https://attack.mitre.org/software/S0301) can detect if it is being ran on an emulator.(Citation: Lookout-Dendroid)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2", - "created": "2020-09-15T15:18:12.460Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s network information.(Citation: Cybereason FakeSpy)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9d264e84-27b2-4867-82c8-55486a969d7c", - "type": "relationship", - "created": "2020-12-17T20:15:22.489Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "modified": "2020-12-17T20:15:22.489Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running processes.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14", - "type": "relationship", - "created": "2019-07-10T15:35:43.610Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-08-09T18:06:11.693Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves a list of all applications installed on the device.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd", - "created": "2019-09-03T19:45:48.503Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can download the address book.(Citation: SWB Exodus March 2019) ", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57", - "type": "relationship", - "created": "2020-04-08T15:51:25.120Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "ThreatFabric Ginp", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
- } - ], - "modified": "2020-04-08T15:51:25.120Z", - "description": "[Ginp](https://attack.mitre.org/software/S0423) obfuscates its payload, code, and strings.(Citation: ThreatFabric Ginp)", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055", - "created": "2020-01-27T17:05:58.310Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Trend Micro Bouncing Golf 2019", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect SMS messages.(Citation: Trend Micro Bouncing Golf 2019)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--789699c2-44f1-4280-bf86-ab23e6a13e84", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads calendar events and reminders.(Citation: Lookout-StealthMango)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1", - "type": "relationship", - "created": "2020-07-15T20:20:59.284Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.284Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can install attacker-specified components or applications.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5b5586b9-75ee-476f-b3eb-49878254302c", - "type": "relationship", - "created": "2019-07-16T14:33:12.117Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Triada June 2019", - "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", - "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." - } - ], - "modified": "2020-04-27T16:52:49.643Z", - "description": "[Triada](https://attack.mitre.org/software/S0424) is able to modify code within the com.android.systemui application to gain access to `GET_REAL_TASKS` permissions. 
This permission enables access to information about applications currently on the foreground and other recently used apps.(Citation: Google Triada June 2019) ", - "relationship_type": "uses", - "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77", - "type": "relationship", - "created": "2020-06-26T15:32:25.035Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." - }, - { - "source_name": "CheckPoint Cerberus", - "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/", - "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:32:25.035Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect device information, such as the default SMS app and device locale.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--97417113-1840-4e00-98d3-bb222e1a1f60", - "type": "relationship", - "created": "2020-07-27T14:14:56.980Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Security Zen", - "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", - "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." 
- } - ], - "modified": "2020-08-10T22:18:20.815Z", - "description": "[Zen](https://attack.mitre.org/software/S0494) base64 encodes one of the strings it searches for.(Citation: Google Security Zen)", - "relationship_type": "uses", - "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2", - "created": "2022-04-01T13:27:29.919Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T13:27:29.920Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2019-10-15T19:44:36.177Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collects and uploads information about changes in SIM card or phone numbers on the device.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--386b0a9f-9951-4717-8bce-30c8fbe05050", - "type": "relationship", - "created": "2020-06-26T15:32:24.955Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:32:24.955Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) uses standard payload and string obfuscation techniques.(Citation: Threat Fabric Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky-Skygofree", - "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", - "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via binary SMS.(Citation: Kaspersky-Skygofree)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4", - "created": "2022-03-28T19:30:27.364Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates may contain patches to integrity checking mechanisms that can detect unauthorized hardware modifications.", - "modified": "2022-03-28T19:30:27.364Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046", - "created": "2022-04-05T17:14:35.469Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T17:14:35.469Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "target_ref": 
"attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f051c943-998c-4db2-9dbc-d4755057bcf0", - "created": "2022-04-05T19:49:06.417Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.", - "modified": "2022-04-05T19:49:06.417Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b", - "created": "2019-12-10T16:07:41.081Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList DVMap June 2017", - "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", - "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Dvmap](https://attack.mitre.org/software/S0420) replaces `/system/bin/ip` with a malicious version. 
[Dvmap](https://attack.mitre.org/software/S0420) can inject code by patching `libdmv.so` or `libandroid_runtime.so`, depending on the Android OS version. Both libraries are related to the Dalvik and ART runtime environments. The patched functions can only call `/system/bin/ip`, which was replaced with the malicious version.(Citation: SecureList DVMap June 2017)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", - "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b", - "type": "relationship", - "created": "2021-01-05T20:16:20.419Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "modified": "2021-01-05T20:16:20.419Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture audio from the device’s microphone and can record phone calls.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) uses SMS for command and control.(Citation: Lookout-Pegasus)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d886f368-a38b-4cb3-906f-9b284f58b369", - "type": "relationship", - "created": "2019-12-10T16:07:41.066Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList DVMap June 2017", - "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", - "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
- } - ], - "modified": "2019-12-10T16:07:41.066Z", - "description": "[Dvmap](https://attack.mitre.org/software/S0420) decrypts executables from archive files stored in the `assets` directory of the installation binary.(Citation: SecureList DVMap June 2017)", - "relationship_type": "uses", - "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1317fb3d-ded3-4b84-8007-147f3b02948a", - "created": "2022-04-05T19:52:38.539Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "CSRIC-WG1-FinalReport", - "description": "CSRIC-WG1-FinalReport" - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC-WG1-FinalReport) ", - "modified": "2022-04-05T19:52:38.539Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124", + "source_ref": "attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5", "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", 
@@ -20241,847 +13789,25 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--634071ce-d386-4143-8e6e-b88bc077de6d", + "id": "relationship--e9b262ba-1c32-40b3-8622-121b30d6df50", "type": "relationship", - "created": "2020-07-27T14:14:56.961Z", + "created": "2019-10-10T15:14:57.378Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Google Security Zen", - "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", - "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." } ], - "modified": "2020-08-10T22:18:20.782Z", - "description": "[Zen](https://attack.mitre.org/software/S0494) can dynamically load executable code from remote sources.(Citation: Google Security Zen)", + "modified": "2019-10-10T15:14:57.378Z", + "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract information on pictures from the Gallery, Chrome and SBrowser bookmarks, and the connected WiFi network's password.(Citation: SWB Exodus March 2019)", "relationship_type": "uses", - "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", 
- "external_references": [ - { - "source_name": "Kaspersky-WUC", - "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.", - "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" - } - ], - "modified": "2019-10-15T19:54:10.284Z", - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole geo-location data.(Citation: Kaspersky-WUC)", - "relationship_type": "uses", - "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2", - "created": "2022-04-08T16:29:55.322Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-08T16:29:55.322Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6", - "target_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d", - "created": "2020-09-11T14:54:16.587Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). 
Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can retrieve SMS messages.(Citation: Lookout Desert Scorpion)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d", - "created": "2019-09-23T13:36:08.451Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Rotexy](https://attack.mitre.org/software/S0411) procedurally generates subdomains for command and control communication.(Citation: securelist rotexy 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f", - "type": "relationship", - "created": "2020-12-14T15:02:35.287Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Securelist Asacub", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
- } - ], - "modified": "2020-12-14T15:02:35.290Z", - "description": "[Asacub](https://attack.mitre.org/software/S0540) has implemented functions in native code.(Citation: Securelist Asacub)", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8ff45341-60d6-40d3-bb38-566814a466f9", - "created": "2020-07-20T13:27:33.552Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can perform primitive emulation checks.(Citation: Talos-WolfRAT)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--10c07066-df05-4dff-bb95-c76be02ea4ef", - "created": "2020-09-14T14:13:45.291Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout eSurv", - "url": "https://blog.lookout.com/esurv-research", - "description": "A. Bauer. 
(2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[eSurv](https://attack.mitre.org/software/S0507) imposes geo-restrictions when delivering the second stage.(Citation: Lookout eSurv)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--455b1287-5784-42b4-91fb-01dac007758d", - "created": "2020-09-29T13:24:15.234Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Dendroid", - "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/", - "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Dendroid](https://attack.mitre.org/software/S0301) can open a dialog box to ask the user for passwords.(Citation: Lookout-Dendroid)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9", - "type": "relationship", - "created": "2020-12-24T21:55:56.753Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T21:55:56.753Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploit tools to gain root, such as TowelRoot.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788", - "created": "2020-05-07T15:33:32.903Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CheckPoint Agent Smith", - "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", - "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Agent Smith](https://attack.mitre.org/software/S0440) deletes infected applications’ update packages when they are detected on the system, preventing updates.(Citation: CheckPoint Agent Smith)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads contact lists for various third-party applications such as Yahoo, AIM, GoogleTalk, Skype, QQ, and others.(Citation: Lookout-StealthMango)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e", - "created": "2020-09-14T14:13:45.299Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout eSurv", - "url": "https://blog.lookout.com/esurv-research", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version has used public key encryption and certificate pinning for C2 communication.(Citation: Lookout eSurv)", - "modified": "2022-04-18T15:58:08.240Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CrowdStrike-Android", - "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. 
Retrieved February 6, 2017.", - "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[X-Agent for Android](https://attack.mitre.org/software/S0314) was believed to have been used to obtain locational data of Ukrainian artillery forces.(Citation: CrowdStrike-Android)", - "relationship_type": "uses", - "source_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9", - "created": "2022-04-01T13:19:41.207Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T13:19:41.207Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6c35f99c-153d-4023-a29a-821488ce5418", - "type": "relationship", - "created": "2020-04-08T15:41:19.383Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). 
Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." - } - ], - "modified": "2020-04-08T15:41:19.383Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of installed applications to compare to a list of targeted applications.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9", - "created": "2020-09-11T14:54:16.649Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect the device’s contact list.(Citation: Lookout Desert Scorpion)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60", - "type": "relationship", - "created": "2020-09-11T14:54:16.585Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
- } - ], - "modified": "2021-04-19T17:11:50.418Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect attacker-specified files, including files located on external storage.(Citation: Lookout Desert Scorpion)\t", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc", - "created": "2020-04-08T15:41:19.400Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Anubis](https://attack.mitre.org/software/S0422) can modify administrator settings and disable Play Protect.(Citation: Cofense Anubis)", - "modified": "2022-04-15T15:49:01.417Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ca486783-9413-4f39-8d2f-3adcb3e79127", - "type": "relationship", - "created": "2020-12-24T21:55:56.657Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "modified": "2020-12-24T21:55:56.657Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used an AES encrypted file in the assets folder with an unsuspecting name (e.g. 
‘GoogleMusic.png’) for holding configuration and C2 information.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0c558826-5cea-422e-8e67-83e53c04d409", - "created": "2020-06-26T15:32:25.146Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CheckPoint Cerberus", - "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/", - "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 using HTTP requests over port 8888.(Citation: CheckPoint Cerberus)", - "modified": "2022-04-20T16:37:46.192Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c", - "created": "2017-10-25T14:48:53.747Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 7 and later iOS versions introduced changes that prevent applications from performing Process Discovery without elevated privileges. 
", - "modified": "2022-03-30T20:32:46.334Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cda58372-ae70-4716-8baf-cc06cb884ad6", - "type": "relationship", - "created": "2020-12-24T22:04:28.015Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T22:04:28.015Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of installed application names.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--875dc21d-92c3-45bf-be37-faa44f4449bf", - "created": "2020-06-02T14:32:31.891Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", - "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s contact list.(Citation: Google Project Zero Insomnia)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209", - "type": "relationship", - "created": "2020-04-24T15:06:33.449Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": 
"https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." - } - ], - "modified": "2020-04-24T15:06:33.450Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device network configuration information, such as Wi-Fi SSID and IMSI.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--da4296d7-5fdb-45b6-9791-b023d634c08d", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", - "source_name": "TrendMicro-RCSAndroid" - } - ], - "modified": "2019-08-09T17:53:48.760Z", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record location.(Citation: TrendMicro-RCSAndroid)", - "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc", - "created": "2020-09-14T14:13:45.286Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout eSurv", - "url": "https://blog.lookout.com/esurv-research", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[eSurv](https://attack.mitre.org/software/S0507) has exfiltrated data using HTTP PUT requests.(Citation: Lookout eSurv)", - "modified": "2022-04-20T17:33:36.404Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--cd7a2294-1e14-42e8-b870-d99d73443b88", - "created": "2022-04-01T12:37:42.068Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be taught the danger behind granting unnecessary permissions to an application and should be advised to use extra scrutiny when an application requests them. 
", - "modified": "2022-04-01T12:37:42.068Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d", - "created": "2019-10-18T14:50:57.491Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates often contain patches for vulnerabilities.", - "modified": "2022-03-30T15:52:58.256Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f", - "created": "2022-03-30T20:07:33.291Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T20:07:33.291Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": 
[ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164", - "type": "relationship", - "created": "2020-01-27T17:49:05.664Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:49:05.664Z", - "description": "(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd", - "target_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f", - "created": "2019-12-10T16:07:41.083Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList DVMap June 2017", - "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", - "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Dvmap](https://attack.mitre.org/software/S0420) can enable installation of apps from unknown sources.(Citation: SecureList DVMap June 2017)", - "modified": "2022-04-15T16:00:59.657Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68", - "type": "relationship", - "created": "2020-12-24T21:45:56.979Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2021-04-19T14:29:46.650Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) can retrieve files from external storage and can collect browser data.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--88e33687-e999-42c8-b46b-49d2adfa17d0", - "created": "2022-04-01T15:02:04.528Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Apple regularly provides security updates for known OS vulnerabilities. ", - "modified": "2022-04-01T15:02:04.528Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45", - "created": "2019-09-15T15:32:17.580Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Android Notification Listeners", - "url": "https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setPermittedCrossProfileNotificationListeners(android.content.ComponentName,%20java.util.List%3Cjava.lang.String%3E)", - "description": "Android. (n.d.). DevicePolicyManager. Retrieved September 15, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "On Android devices with a work profile, the `DevicePolicyManager.setPermittedCrossProfileNotificationListeners` method can be used to manage the list of applications running within the personal profile that can access notifications generated within the work profile. This policy would not affect notifications generated by the rest of the device. The `DevicePolicyManager.setApplicationHidden` method can be used to disable notification access for unwanted applications, but this method would also block that entire application from running.(Citation: Android Notification Listeners) ", - "modified": "2022-04-01T14:50:28.686Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00", - "type": "relationship", - "created": "2020-09-15T15:18:12.421Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
- } - ], - "modified": "2020-09-15T15:18:12.421Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect a list of installed applications.(Citation: Cybereason FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -21105,31 +13831,23 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f", "type": "relationship", - "id": "relationship--41da5845-a1a8-4d10-8929-053be3496396", - "created": "2022-04-20T17:46:43.542Z", - "x_mitre_version": "0.1", + "created": "2020-09-11T14:54:16.640Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "SecureList - ViceLeaker 2019", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." - }, - { - "source_name": "Bitdefender - Triout 2018", - "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", - "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
} ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) uses HTTP data exfiltration.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", - "modified": "2022-04-20T17:46:43.542Z", + "modified": "2020-09-11T14:54:16.640Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can encrypt exfiltrated data.(Citation: Lookout Desert Scorpion)", "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -21137,28 +13855,23 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--de45db46-2251-4a29-b4d7-3fcf679e9484", - "created": "2019-09-04T15:38:56.877Z", + "id": "relationship--b641e5b8-5981-452a-99f0-3598c783e5ee", + "created": "2019-08-07T15:57:13.443Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "CyberMerchants-FlexiSpy", - "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", - "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." - }, - { - "source_name": "FlexiSpy-Features", - "url": "https://www.flexispy.com/en/features-overview.htm", - "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." + "source_name": "Kaspersky Riltok June 2019", + "url": "https://securelist.com/mobile-banker-riltok/91374/", + "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can intercept SMS and MMS messages as well as monitor messages for keywords.(Citation: CyberMerchants-FlexiSpy)(Citation: FlexiSpy-Features)", + "description": "[Riltok](https://attack.mitre.org/software/S0403) can intercept incoming SMS messages.(Citation: Kaspersky Riltok June 2019)", "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -21168,20 +13881,270 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--48854999-1c12-4454-bb7c-051691a081f9", - "created": "2022-03-28T19:25:49.640Z", + "id": "relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9", + "created": "2022-04-01T17:08:15.158Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "CSRIC5-WG10-FinalReport", + "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf", + "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC5-WG10-FinalReport) ", + "modified": "2022-04-11T19:09:00.362Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3", + "created": "2019-10-18T15:51:48.487Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.", + "modified": "2022-04-05T19:42:51.306Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": 
"course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e", + "created": "2022-03-30T20:43:31.249Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "Ensure Verified Boot is enabled on devices with that capability.", - "modified": "2022-03-28T19:25:49.640Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", - "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "description": "", + "modified": "2022-03-30T20:43:31.249Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31", + "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ddca1254-b404-4850-9566-0be35c6d7564", + "created": "2020-11-10T17:08:35.771Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s SMS and MMS messages.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6", + "type": "relationship", + "created": "2020-07-20T13:27:33.553Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-08-10T21:57:54.518Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) sends the device’s IMEI with each exfiltration request.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e", + "type": "relationship", + "created": "2019-09-03T19:45:48.489Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." + } + ], + "modified": "2019-09-11T13:25:19.128Z", + "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract the GPS coordinates of the device.(Citation: SWB Exodus March 2019)", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--51b0a4fb-a308-4694-9437-95702a50ebd5", + "type": "relationship", + "created": "2020-09-11T16:22:03.231Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. 
(2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." + } + ], + "modified": "2020-09-11T16:22:03.231Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can take photos with the device camera.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--cea30219-a255-43ae-b731-9512c5044523", + "created": "2022-04-18T19:46:02.547Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-18T19:46:02.547Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7", + "created": "2022-04-01T18:45:11.299Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them.", + "modified": "2022-04-01T18:45:11.299Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": 
"attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65", + "type": "relationship", + "created": "2021-04-19T17:05:42.574Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2021-04-19T17:05:42.574Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has collected files from the infected device.(Citation: Lookout Uyghur Campaign)\t", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f", + "type": "relationship", + "created": "2020-04-08T15:41:19.427Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). 
Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." + } + ], + "modified": "2020-09-11T15:42:15.628Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can send, receive, and delete SMS messages.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "HackerNews-Allwinner", + "url": "https://thehackernews.com/2016/05/android-kernal-exploit.html", + "description": "Mohit Kumar. (2016, May 11). Kernel Backdoor found in Gadgets Powered by Popular Chinese ARM Maker. Retrieved September 18, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "A Linux kernel distributed by [Allwinner](https://attack.mitre.org/software/S0319) reportedly contained an simple backdoor that could be used to obtain root access. It was believed to have been left in the kernel by mistake by the authors.(Citation: HackerNews-Allwinner)", + "modified": "2022-04-15T15:16:35.892Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--08784a9d-09e9-4dce-a839-9612398214e8", + "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -21212,1361 +14175,28 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c", "type": "relationship", - "created": "2020-07-27T14:14:56.954Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Security Zen", - "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", - "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." - } - ], - "modified": "2020-08-10T22:18:20.777Z", - "description": "[Zen](https://attack.mitre.org/software/S0494) can obtain root access via a rooting trojan in its infection chain.(Citation: Google Security Zen)", - "relationship_type": "uses", - "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "id": "relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d", + "created": "2019-10-18T14:50:57.491Z", "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ece70dca-803c-4209-8792-7e56e9901288", - "created": "2020-07-15T20:20:59.291Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can delete all data from an infected device.(Citation: Bitdefender Mandrake)", - "modified": "2022-04-12T10:01:44.682Z", + "description": "Security updates often contain patches for vulnerabilities.", + "modified": "2022-03-30T15:52:58.256Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6d659130-545b-4917-891c-6c1b7d54ed07", - "type": "relationship", - "created": "2021-01-05T20:16:20.505Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "modified": "2021-01-05T20:16:20.505Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can send SMS messages.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f", - "created": "2019-11-21T19:16:34.776Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CheckPoint SimBad 2019", - "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/", - "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SimBad](https://attack.mitre.org/software/S0419) registers for the `BOOT_COMPLETED` and `USER_PRESENT` broadcast intents, which allows the software to perform actions after the device is booted and when the user is using the device, respectively.(Citation: CheckPoint SimBad 2019)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ed3293cf-de4f-4a73-98af-24325e8187c9", - "created": "2020-04-24T17:46:31.598Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can detect if it is running on a rooted device or an emulator.(Citation: SecurityIntelligence TrickMo)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2", - "type": "relationship", - "created": "2019-11-21T16:42:48.497Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList - ViceLeaker 2019", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." 
- } - ], - "modified": "2019-11-21T16:42:48.497Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can take photos from both the front and back cameras.(Citation: SecureList - ViceLeaker 2019)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150", - "type": "relationship", - "created": "2020-05-11T16:37:36.673Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "source_name": "ThreatFabric Ginp" - } - ], - "modified": "2020-05-11T16:37:36.673Z", - "description": " [Ginp](https://attack.mitre.org/software/S0423) can download device logs.(Citation: ThreatFabric Ginp) ", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bf901bab-3caa-4d05-a859-d9fb4d838304", - "type": "relationship", - "created": "2019-10-10T15:27:22.091Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). 
Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2019-10-10T15:27:22.091Z", - "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses browser history, pictures, and videos.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d01b311d-8741-4b58-b127-88fecb2b0544", - "created": "2020-04-08T15:41:19.448Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Anubis](https://attack.mitre.org/software/S0422) has a keylogger that works in every application installed on the device.(Citation: Cofense Anubis)", - "modified": "2022-04-15T17:33:02.327Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec", - "created": "2022-04-01T15:54:48.924Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Applications very rarely require administrator permission. Developers should be cautioned against using this higher degree of access to avoid being flagged as a potentially malicious application. 
", - "modified": "2022-04-01T15:54:48.924Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", - "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328", - "created": "2022-03-30T19:34:09.377Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T19:34:09.377Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5", - "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446", - "created": "2020-12-14T14:52:03.294Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect SMS messages.(Citation: Sophos Red Alert 2.0)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cbf17fea-141e-44b8-831c-b3cc41066420", - "type": "relationship", - "created": "2021-01-20T16:01:19.409Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Trend Micro Anubis", - "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html", - "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021." 
- } - ], - "modified": "2021-01-20T16:01:19.409Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can download attacker-specified APK files.(Citation: Trend Micro Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b", - "type": "relationship", - "created": "2020-12-24T21:45:56.981Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T21:45:56.981Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) has access to the device’s location.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794", - "type": "relationship", - "created": "2019-11-21T16:42:48.488Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "source_name": "SecureList - ViceLeaker 2019" - }, - { - "source_name": "Bitdefender - Triout 2018", - "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", - "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." 
- } - ], - "modified": "2020-01-21T14:20:50.474Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can record audio from the device’s microphone and can record phone calls together with the caller ID.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a", - "created": "2020-11-20T16:37:28.475Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s contact list.(Citation: Symantec GoldenCup)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" - } - ], - "modified": "2019-10-10T15:27:22.110Z", - "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to record calls as well as the victim device's environment.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb", - "created": "2020-12-24T22:04:28.024Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected call logs.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9", - "created": "2019-07-16T14:33:12.113Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Krebs-Triada June 2019", - "url": "https://krebsonsecurity.com/2019/06/tracing-the-supply-chain-attack-on-android-2/", - "description": "Krebs, B. (2019, June 25). Tracing the Supply Chain Attack on Android. Retrieved July 16, 2019." - }, - { - "source_name": "Google Triada June 2019", - "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", - "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Triada](https://attack.mitre.org/software/S0424) was added into the Android system by a third-party vendor identified as Yehuo or Blazefire during the production process.(Citation: Google Triada June 2019)(Citation: Krebs-Triada June 2019)", - "modified": "2022-04-19T15:47:32.152Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", - "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2e08820f-a81d-480e-9e60-f14db3e49080", - "type": "relationship", - "created": "2019-09-04T14:28:15.909Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-09-04T14:32:12.568Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can take photos and videos.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--535d2425-21aa-4fe5-ae6d-5b677f459020", - "created": "2022-03-28T19:41:37.162Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates may contain patches for devices that were compromised at the supply chain level.", - "modified": "2022-03-28T19:41:37.162Z", "relationship_type": "mitigates", "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd", - "type": "relationship", - "created": "2020-09-11T14:54:16.644Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). 
Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." - } - ], - "modified": "2020-09-11T14:54:16.644Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can list files stored on external storage.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0", - "created": "2020-10-29T17:48:27.394Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Exobot](https://attack.mitre.org/software/S0522) can intercept SMS messages.(Citation: Threat Fabric Exobot)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--268c12df-d3bc-46fa-99e9-32caab50b175", - "created": "2022-03-30T15:52:09.759Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Device attestation can often detect jailbroken or rooted devices.", - "modified": "2022-03-30T15:52:09.759Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d", "type": "relationship", - "id": "relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1", - "created": "2022-04-06T13:52:46.831Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 7 changed how the Device Administrator password APIs function.", - "modified": "2022-04-06T13:52:46.831Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - 
"target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--44304163-9a44-4760-bd04-0e14adb33299", - "created": "2022-04-01T15:13:40.779Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Trend Micro iOS URL Hijacking", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/", - "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12). iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.", - "modified": "2022-04-01T15:13:40.779Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--92129d5b-7822-4e84-8a69-f96b598fba9e", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" - } - ], - "modified": "2019-10-10T15:27:22.175Z", - "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses databases from WhatsApp, Viber, Skype, and Line.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa", - "created": "2020-11-10T17:08:35.761Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has deleted call log entries coming from known C2 sources.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) modifies the system partition to maintain persistence.(Citation: Lookout-Pegasus)", - "modified": "2022-04-15T16:01:53.756Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--806a9338-be20-4eef-aa54-067633ac0e58", - "type": "relationship", - "created": "2020-04-08T15:41:19.421Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "modified": "2020-04-08T15:41:19.421Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the device’s GPS location.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--10560632-6449-4579-90eb-20fc46dcca08", - "created": "2020-10-29T19:21:23.200Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "WeLiveSecurity AdDisplayAshas", - "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", - "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can check that the device IP is not in the range of known Google IP addresses before triggering the payload and can delay payload deployment to avoid detection during testing and avoid association with unwanted ads.(Citation: WeLiveSecurity AdDisplayAshas)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--90d4d964-efa2-46ac-adc2-759886e07158", - "created": "2020-10-29T17:48:27.325Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Exobot](https://attack.mitre.org/software/S0522) has used HTTPS for C2 communication.(Citation: Threat Fabric Exobot)", - "modified": "2022-04-19T20:13:03.349Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--29357289-362c-447c-b387-9a38b50d7296", - "created": "2022-04-15T17:20:06.338Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Google Bread", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." - }, - { - "source_name": "Check Point-Joker", - "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/", - "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Bread](https://attack.mitre.org/software/S0432) uses various tricks to obfuscate its strings including standard and custom encryption, programmatically building strings at runtime, and splitting unencrypted strings with repeated delimiters to break up keywords. [Bread](https://attack.mitre.org/software/S0432) has also abused Java and JavaScript features to obfuscate code. 
[Bread](https://attack.mitre.org/software/S0432) payloads have hidden code in native libraries and encrypted JAR files in the data section of an ELF file. [Bread](https://attack.mitre.org/software/S0432) has stored DEX payloads as base64-encoded strings in the Android manifest and internal Java classes.(Citation: Check Point-Joker)(Citation: Google Bread)", - "modified": "2022-04-15T17:20:06.338Z", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb", - "created": "2020-11-10T17:08:35.846Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used specially crafted SMS messages to control the target device.(Citation: Lookout Uyghur Campaign) ", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1", - "created": "2020-07-15T20:20:59.227Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access SMS messages.(Citation: Bitdefender Mandrake)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0", - "type": "relationship", - "created": "2019-09-15T15:32:17.563Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2020-07-09T14:07:02.315Z", - "description": "Application developers could be encouraged to avoid placing sensitive data in notification text.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--22334426-e99f-4e97-b4dd-17e297da4118", - "created": "2020-12-24T21:55:56.696Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured SMS and MMS messages.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a20493e1-4699-405d-a291-c28aae8ed737", - "created": "2022-04-18T16:53:24.617Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Wandera-RedDrop", - "url": "https://www.wandera.com/reddrop-malware/", - "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses ads or other links within websites to encourage users to download the malicious apps using a complex content distribution network (CDN) and series of network redirects. 
[RedDrop](https://attack.mitre.org/software/S0326) also downloads additional components (APKs, JAR files) from different C2 servers.(Citation: Wandera-RedDrop) ", - "modified": "2022-04-20T16:33:23.507Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", - "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3f392718-87c4-483b-b89f-4f0cc056d251", - "type": "relationship", - "created": "2020-07-20T13:58:53.610Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro-XLoader-FakeSpy", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", - "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
- } - ], - "modified": "2020-09-24T15:12:24.302Z", - "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s UDID, version number, and product number.(Citation: TrendMicro-XLoader-FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cce82a76-5390-473d-9e7c-9450d1509d1d", - "type": "relationship", - "created": "2020-07-15T20:20:59.314Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.314Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can download its second (Loader) and third (Core) stages after the dropper is installed.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e", - "type": "relationship", - "created": "2020-07-15T20:20:59.382Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.382Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) has communicated with the C2 server over TCP port 7777.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7", - "type": "relationship", - "created": "2019-08-07T15:57:13.388Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Kaspersky Riltok June 2019", - "url": "https://securelist.com/mobile-banker-riltok/91374/", - "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." - } - ], - "modified": "2019-09-18T13:44:13.453Z", - "description": "[Riltok](https://attack.mitre.org/software/S0403) injects input to set itself as the default SMS handler by clicking the appropriate places on the screen. 
It can also close or minimize targeted antivirus applications and the device security settings screen.(Citation: Kaspersky Riltok June 2019)", - "relationship_type": "uses", - "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e0f58ab7-b246-4c41-9afc-89b582590809", - "type": "relationship", - "created": "2020-12-18T20:14:47.374Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "modified": "2020-12-18T20:14:47.374Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can download additional modules at runtime via JavaScript `eval` statements.(Citation: WhiteOps TERRACOTTA)", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe", - "type": "relationship", - "created": "2020-07-15T20:20:59.282Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.282Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can record the screen.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--71490fdb-e271-4a67-b932-5288924b1dae", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "PaloAlto-DualToy", - "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. Retrieved January 24, 2017.", - "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[DualToy](https://attack.mitre.org/software/S0315) collects the connected iOS device’s information including IMEI, IMSI, ICCID, serial number and phone number.(Citation: PaloAlto-DualToy)", - "relationship_type": "uses", - "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--049c39ab-c036-457a-9b8f-4318416658b8", - "created": "2022-03-30T19:54:24.468Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "A locked bootloader 
could prevent unauthorized modifications of protected operating system files. ", - "modified": "2022-03-30T19:55:15.724Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--212801c2-5d14-4381-b25a-340cda11a5ac", - "created": "2020-12-18T20:14:47.310Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has displayed a form to collect user data after installation.(Citation: WhiteOps TERRACOTTA)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6", - "created": "2020-09-14T13:35:45.911Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "ESET-Twitoor", - "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/", - "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Twitoor](https://attack.mitre.org/software/S0302) can be controlled via Twitter.(Citation: ESET-Twitoor)", - "modified": "2022-04-20T17:56:24.292Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c", - "target_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77", - "created": "2022-04-06T15:52:41.579Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T15:52:41.579Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--19df76ee-fa85-43cf-96ce-422d46f29a13", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) listens for the `BOOT_COMPLETED` broadcast intent in order to maintain persistence and activate its functionality at device boot time.(Citation: Lookout-PegasusAndroid)", - "modified": "2022-04-19T16:54:05.627Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6a715733-cde6-4903-b967-35562b584c6f", - "type": "relationship", - "created": "2020-06-02T14:32:31.878Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", - "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
- } - ], - "modified": "2020-06-02T14:32:31.878Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can obtain a list of installed non-Apple applications.(Citation: Google Project Zero Insomnia)", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3", - "type": "relationship", - "created": "2020-05-04T14:04:56.189Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Bread", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." 
- } - ], - "modified": "2020-05-04T15:40:21.081Z", - "description": "[Bread](https://attack.mitre.org/software/S0432) collects the device’s IMEI, carrier, mobile country code, and mobile network code.(Citation: Google Bread)", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd", - "type": "relationship", - "created": "2020-05-04T14:04:56.214Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Bread", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." 
- } - ], - "modified": "2020-05-04T15:40:21.076Z", - "description": "[Bread](https://attack.mitre.org/software/S0432) has used native code in an attempt to disguise malicious functionality.(Citation: Google Bread)", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1284f6fe-d352-415c-9479-82141524380a", - "created": "2022-03-30T18:06:48.250Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Typically, insecure or malicious configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). 
", - "modified": "2022-03-30T18:06:48.250Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5", - "created": "2022-04-06T15:47:06.163Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T15:47:06.163Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", - "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky-WUC", - "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/", - "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole call logs.(Citation: Kaspersky-WUC)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb", - "type": "relationship", - "created": "2020-01-27T17:05:58.308Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.308Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encodes its configurations using a customized algorithm.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fcc42341-ec3a-4e24-a374-46bed72d061f", - "type": "relationship", - "created": "2021-10-01T14:42:49.191Z", + "created": "2021-10-01T14:42:48.740Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { 
@@ -22575,2609 +14205,14 @@ "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." } ], - "modified": "2021-10-01T14:42:49.191Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect data from messaging applications, including WhatsApp, Viber, and Facebook.(Citation: SecureList BusyGasper)", + "modified": "2021-10-12T13:51:41.045Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect images stored on the device and browser history.(Citation: SecureList BusyGasper)", "relationship_type": "uses", "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2", - "created": "2022-03-30T19:12:31.481Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T19:12:31.481Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", - "target_ref": "attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Zscaler-SuperMarioRun", - "url": 
"https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat", - "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures SMS data.(Citation: Zscaler-SuperMarioRun)", - "modified": "2022-05-20T17:13:16.509Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9", - "created": "2019-09-04T14:28:15.316Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Monokle", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [Monokle](https://attack.mitre.org/software/S0407) can remount the system partition as read/write to install attacker-specified certificates.(Citation: Lookout-Monokle) ", - "modified": "2022-04-15T16:02:44.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544", - "created": "2022-04-05T19:40:25.071Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T19:40:25.071Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a", - "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--54151897-cc7e-4f92-af50-bed41ea78d92", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky-MobileMalware", - "url": "https://securelist.com/mobile-malware-evolution-2013/58335/", - "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Trojan-SMS.AndroidOS.FakeInst.a](https://attack.mitre.org/software/S0306) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)", - "modified": "2022-04-19T20:10:19.381Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--28e39395-91e7-4f02-b694-5e079c964da9", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6d88242f-e45b-481c-bd41-b66a662618ce", - "created": "2022-04-06T13:57:24.730Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T13:57:24.730Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19", - "type": "relationship", - "created": "2021-02-17T20:43:52.381Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
- } - ], - "modified": "2021-02-17T20:43:52.381Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has retrieved account information for other applications.(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef", - "created": "2020-07-27T14:14:56.993Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Security Zen", - "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", - "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads.(Citation: Google Security Zen)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69", - "created": "2019-10-14T19:14:18.673Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Group IB Gustuff Mar 2019", - "url": "https://www.group-ib.com/blog/gustuff", - "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. Retrieved September 3, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Gustuff](https://attack.mitre.org/software/S0406) hides its icon after installation.(Citation: Group IB Gustuff Mar 2019) ", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff", - "type": "relationship", - "created": "2019-09-04T14:28:16.478Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-10-14T17:52:48.001Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can record the screen as the user unlocks the device and can take screenshots of any application in the foreground. 
[Monokle](https://attack.mitre.org/software/S0407) can also abuse accessibility features to read the screen to capture data from a large number of popular applications.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2", - "created": "2022-04-01T15:13:55.124Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be instructed to not open links in applications they don’t recognize.", - "modified": "2022-04-01T15:13:55.124Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594", - "created": "2022-04-05T17:14:08.267Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T17:14:08.267Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9432fabf-9487-469c-86c9-b9d26b013c85", - "created": "2022-04-01T13:13:10.587Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Call Log access an uncommonly needed permission, so users should be instructedto use extra scrutiny when granting access to their call logs. ", - "modified": "2022-04-01T13:13:10.587Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8", - "created": "2019-11-21T16:42:48.459Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList - ViceLeaker 2019", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can delete arbitrary files from the device.(Citation: SecureList - ViceLeaker 2019)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9", - "created": "2020-07-20T13:27:33.509Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s call log.(Citation: Talos-WolfRAT)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d", - "created": "2020-07-15T20:20:59.380Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used Firebase for C2.(Citation: Bitdefender Mandrake)", - "modified": "2022-04-18T19:18:24.378Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1", - "created": "2020-07-20T13:27:33.514Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can delete files from the device.(Citation: Talos-WolfRAT)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf", - "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. 
Retrieved February 6, 2017.", - "source_name": "CrowdStrike-Android" - } - ], - "modified": "2020-03-20T16:37:06.668Z", - "description": "(Citation: CrowdStrike-Android)", - "relationship_type": "uses", - "source_ref": "intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c", - "target_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999", - "created": "2020-11-24T17:55:12.818Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can register for the `BOOT_COMPLETED` broadcast intent.(Citation: Talos GPlayed)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae", - "created": "2019-09-04T20:01:42.753Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Nightwatch screencap April 2016", - "url": 
"https://wwws.nightwatchcybersecurity.com/2016/04/13/research-securing-android-applications-from-screen-capture/", - "description": "Nightwatch Cybersecurity. (2016, April 13). Research: Securing Android Applications from Screen Capture (FLAG_SECURE). Retrieved November 5, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Application developers can apply the `FLAG_SECURE` property to sensitive screens within their apps to make it more difficult for the screen contents to be captured.(Citation: Nightwatch screencap April 2016) ", - "modified": "2022-04-01T13:31:59.712Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f", - "created": "2022-04-01T18:49:19.284Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them. 
Android 7 introduced updates that revoke standard device administrators’ ability to reset the device’s passcode.", - "modified": "2022-04-01T18:49:19.284Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1", - "created": "2020-12-24T21:45:56.920Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SilkBean](https://attack.mitre.org/software/S0549) has attempted to trick users into enabling installation of applications from unknown sources.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856", - "created": "2020-05-04T14:04:56.211Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Bread", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Bread](https://attack.mitre.org/software/S0432) communicates with the C2 server using HTTP requests.(Citation: Google Bread)", - "modified": "2022-04-19T20:17:16.407Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad", - "created": "2022-04-05T19:45:03.117Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T19:45:03.117Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bd351b17-e995-4528-bbea-e1138c51476a", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" - } - ], - "modified": "2019-08-09T17:56:05.683Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) exfiltrates data from over 40 apps such as WeChat, Facebook, WhatsApp, Skype, and others.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3", - "type": "relationship", - "created": "2021-04-19T14:29:46.530Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2021-04-19T14:29:46.530Z", - "description": " [SilkBean](https://attack.mitre.org/software/S0549) can send SMS messages.(Citation: Lookout Uyghur Campaign) ", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365", - "created": "2019-09-04T14:28:15.950Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Monokle", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Monokle](https://attack.mitre.org/software/S0407) can delete arbitrary files on the device, and can also uninstall itself and clean up staging files.(Citation: Lookout-Monokle)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--825ffecc-090f-44c8-87be-f7b72e07f987", - "created": "2022-04-01T18:43:15.716Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.", - "modified": "2022-04-01T18:43:15.716Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3", - "created": "2020-07-20T13:27:33.486Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. 
Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s contact list.(Citation: Talos-WolfRAT)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2acc0c1a-af30-4410-976b-31148df5378d", - "created": "2022-03-28T19:39:42.538Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-28T19:39:42.538Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8", - "created": "2019-11-21T16:42:48.437Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList - ViceLeaker 2019", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect SMS messages.(Citation: SecureList - ViceLeaker 2019)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2019-08-09T17:59:49.112Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads information about installed packages.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09", - "type": "relationship", - "created": "2021-02-08T16:36:20.846Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
- } - ], - "modified": "2021-05-24T13:16:56.596Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has exfiltrated local account data and calendar information as part of Operation ROCK.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2e913583-123a-47af-8872-98fc12ab4a6a", - "type": "relationship", - "created": "2020-11-24T17:55:12.846Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
- } - ], - "modified": "2020-11-24T17:55:12.846Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can send SMS messages.(Citation: Talos GPlayed)", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4586277d-bebd-4717-87c6-a31a9be741ed", - "type": "relationship", - "created": "2020-12-24T21:45:56.982Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T21:45:56.982Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) can get file lists on the SD card.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab", - "created": "2020-09-11T14:54:16.589Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can be controlled using SMS messages.(Citation: Lookout Desert Scorpion)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4943cca6-69b1-4565-ac09-87ebda04584c", - "created": "2022-04-01T18:52:02.211Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be taught the dangers of rooting or jailbreaking their device.", - "modified": "2022-04-01T18:52:02.211Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d2749285-47d9-44a4-962f-9215e6fb580e", - "created": "2020-10-29T17:48:27.380Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Exobot](https://attack.mitre.org/software/S0522) can access the device’s contact list.(Citation: Threat Fabric Exobot)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998", - "created": "2020-04-08T15:41:19.385Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Anubis](https://attack.mitre.org/software/S0422) can create overlays to capture user credentials for targeted applications.(Citation: Cofense Anubis)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0", - "created": "2019-09-03T20:08:00.711Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Group IB Gustuff Mar 2019", - "url": "https://www.group-ib.com/blog/gustuff", - "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. Retrieved September 3, 2019." - }, - { - "source_name": "Talos Gustuff Apr 2019", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Gustuff](https://attack.mitre.org/software/S0406) uses WebView overlays to prompt the user for their device unlock code, as well as banking and cryptocurrency application credentials. 
[Gustuff](https://attack.mitre.org/software/S0406) can also send push notifications pretending to be from a bank, triggering a phishing overlay.(Citation: Talos Gustuff Apr 2019)(Citation: Group IB Gustuff Mar 2019)", - "modified": "2022-04-19T19:42:17.904Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fcb3a139-f644-45c9-8123-dfea0455143a", - "type": "relationship", - "created": "2019-08-09T17:56:05.588Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" - } - ], - "modified": "2019-08-09T17:56:05.588Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record video and take photos via front and rear cameras.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1", - "type": "relationship", - "created": "2020-06-26T14:55:13.289Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T14:55:13.289Z", - "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to capture data from installed applications.(Citation: Cybereason EventBot)", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c", - "created": "2020-09-11T14:54:16.646Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can hide its icon.(Citation: Lookout Desert Scorpion)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6", - "type": "relationship", - "created": "2020-10-29T17:48:27.332Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-10-29T17:48:27.332Z", - "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s IMEI, phone number, and IP address.(Citation: Threat Fabric Exobot) ", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103", - "created": "2019-09-23T13:36:08.341Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Rotexy](https://attack.mitre.org/software/S0411) can communicate with the command and control server using JSON payloads sent in HTTP POST request bodies. 
It can also communicate by using JSON messages sent through Google Cloud Messaging.(Citation: securelist rotexy 2018)", - "modified": "2022-04-19T20:12:09.565Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b6726136-3c20-4921-a0cb-75a66f59107c", - "type": "relationship", - "created": "2020-09-11T16:22:03.296Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T16:22:03.296Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect network configuration data from the device, including phone number, SIM operator, and network operator.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--fe794ba6-42be-4d42-a16f-a41473874331", - "created": "2022-03-30T15:08:13.679Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Android-VerifiedBoot", - "url": "https://source.android.com/security/verifiedboot/", - "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ", - "modified": "2022-03-30T15:08:13.679Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", - "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fbd2d4f7-96ff-4624-a567-d4882f0c10ca", - "type": "relationship", - "created": "2019-07-23T15:35:23.530Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2020-03-30T14:03:43.920Z", - "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to whitelist applications that are allowed to use Android's accessibility features.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341", - "type": "relationship", - "created": "2019-07-16T14:33:12.085Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Triada June 2019", - "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", - "description": "Lukasz Siewierski. 
(2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." - } - ], - "modified": "2020-04-27T16:52:49.480Z", - "description": "[Triada](https://attack.mitre.org/software/S0424) utilizes a backdoor in a Play Store app to install additional trojanized apps from the Command and Control server.(Citation: Google Triada June 2019)", - "relationship_type": "uses", - "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--51757971-17ac-40c3-bae7-78365579db49", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TrendMicro-Obad", - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/", - "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. Retrieved December 9, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[OBAD](https://attack.mitre.org/software/S0286) abuses device administrator access to make it more difficult for users to remove the application.(Citation: TrendMicro-Obad)", - "modified": "2022-04-15T15:45:04.647Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde", - "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87", - "type": "relationship", - "created": "2021-01-05T20:16:20.495Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "modified": "2021-01-05T20:16:20.495Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect device photos and credentials from other applications.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8", - "created": "2019-09-04T15:38:56.721Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "FortiGuard-FlexiSpy", - "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", - "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) uses root access to establish reboot hooks to re-install the application from `/data/misc/adn`.(Citation: FortiGuard-FlexiSpy) At boot, [FlexiSpy](https://attack.mitre.org/software/S0408) spawns daemons for process monitoring, call monitoring, call managing, and system.(Citation: FortiGuard-FlexiSpy)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847", - "created": "2022-04-06T13:30:03.526Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be taught that Device Administrator permissions are very dangerous, and very few applications need it.", - "modified": "2022-04-06T13:30:03.527Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2793d721-df10-4621-8387-f3342def59a1", - "created": "2022-03-30T18:14:36.786Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": 
false, - "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. ", - "modified": "2022-03-30T18:14:36.786Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1", - "created": "2019-09-04T15:38:56.809Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CyberMerchants-FlexiSpy", - "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", - "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can delete data from a compromised device.(Citation: CyberMerchants-FlexiSpy)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather SMS messages.(Citation: Lookout-StealthMango)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d", - "created": "2020-12-17T20:15:22.496Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s contact list.(Citation: Palo Alto HenBox)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" - } - ], - "modified": "2019-08-09T17:56:05.682Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record phone calls and surrounding audio.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--95fec5e4-d48a-471f-8223-711cd32659b8", - "created": "2022-04-01T18:49:51.050Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T18:49:51.050Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1", - "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b", - "type": "relationship", - "created": "2020-12-18T20:14:47.314Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "modified": "2020-12-18T20:14:47.314Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has utilized foreground services.(Citation: WhiteOps TERRACOTTA)", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c86918a3-6e41-4dfb-8b18-650fff596801", - "type": "relationship", - "created": "2020-09-11T16:22:03.207Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." - } - ], - "modified": "2020-09-11T16:22:03.207Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect device photos, PDF documents, Office documents, browser history, and browser bookmarks.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "description": "Lookout. (2016). 
Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) monitors the victim for status and disables other access to the phone by other jailbreaking software.(Citation: Lookout-Pegasus)", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b536f233-8c43-4671-b8e8-d72a4806946d", - "created": "2022-04-05T17:14:23.789Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T17:14:23.789Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--96569099-db95-4f3c-8ded-6d9cf023e55e", - "created": "2019-09-03T20:08:00.717Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos Gustuff Apr 2019", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [Gustuff](https://attack.mitre.org/software/S0406) can use SMS for command and control from a defined admin phone number.(Citation: Talos Gustuff Apr 2019) ", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--03172b09-4f97-4fb8-95f0-92b2d8957408", - "created": "2020-06-26T14:55:13.349Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[EventBot](https://attack.mitre.org/software/S0478) has encrypted base64-encoded payload data using RC4 and Curve25519.(Citation: Cybereason EventBot)", - "modified": "2022-04-18T15:57:14.375Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", - "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", - "source_name": "Kaspersky-Skygofree" - } - ], - "modified": "2019-08-09T18:08:07.144Z", - "description": "[Skygofree](https://attack.mitre.org/software/S0327) has the capability to exploit several known vulnerabilities and escalate privileges.(Citation: Kaspersky-Skygofree)", - "relationship_type": "uses", - "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e", - "type": "relationship", - "created": "2019-09-03T19:45:48.496Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "modified": "2019-10-14T16:47:53.226Z", - "description": "[Exodus](https://attack.mitre.org/software/S0405) Two extracts information from Facebook, Facebook Messenger, Gmail, IMO, Skype, Telegram, Viber, WhatsApp, and WeChat.(Citation: SWB Exodus March 2019)", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--02e4aedc-0674-4598-948b-0a32758af9ca", - "created": "2022-04-01T13:14:43.195Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T13:14:43.195Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a", - "created": "2022-04-01T14:51:51.593Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to notifications. 
", - "modified": "2022-04-01T14:51:51.593Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac", - "created": "2020-06-26T15:32:25.060Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can uninstall itself from a device on command.(Citation: Threat Fabric Cerberus)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56", - "created": "2020-06-26T15:32:25.045Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": 
"https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect SMS messages from a device.(Citation: Threat Fabric Cerberus)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c", - "type": "relationship", - "created": "2020-11-10T17:08:35.624Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-11-10T17:08:35.624Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can dynamically load additional functionality.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--55f12292-dc9d-4bfd-9de9-2d07cd67b044", - "type": "relationship", - "created": "2017-10-25T14:48:53.734Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2019-07-29T13:57:09.300Z", - "description": "Android 7.0 and higher includes additional protections against this technique.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--86170d29-0e41-44d0-94b0-de7d23718302", - "created": "2022-04-05T19:42:39.957Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Android 12 Features", - "url": "https://developer.android.com/about/versions/12/features", - "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)", - "modified": "2022-04-05T19:51:47.956Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f", - "created": "2019-07-16T14:33:12.107Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky Triada June 2016", - "url": "https://securelist.com/everyone-sees-not-what-they-want-to-see/74997/", - "description": "Kivva, A. (2016, June 6). Everyone sees not what they want to see. Retrieved July 16, 2019." - }, - { - "source_name": "Google Triada June 2019", - "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", - "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Triada](https://attack.mitre.org/software/S0424) can redirect ad banner URLs on websites visited by the user to specific ad URLs.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada June 2016) ", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--04530307-22d8-4a06-9056-55eea225fabb", - "type": "relationship", - "created": "2019-07-10T15:35:43.710Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-08-09T18:06:11.842Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves messages and decryption keys for popular messaging applications and other accounts stored on the device.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8", - "created": "2022-04-05T19:49:59.027Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T19:49:59.027Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695", - "type": "relationship", - "created": "2020-09-11T16:23:16.363Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. 
Retrieved September 11, 2020." - } - ], - "modified": "2020-09-11T16:23:16.363Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can send SMS messages.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817", - "created": "2019-09-20T18:03:57.062Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Android 10 Execute", - "url": "https://developer.android.com/about/versions/10/behavior-changes-all#execute-permission", - "description": "Android Developers. (n.d.). Behavior changes: all apps - Removed execute permission for app home directory. Retrieved September 20, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Applications that target Android API level 29 or higher cannot execute native code stored in the application's internal data storage directory, limiting the ability of applications to download and execute native code at runtime. 
(Citation: Android 10 Execute)", - "modified": "2022-04-01T18:37:44.516Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861", - "created": "2021-02-08T16:36:20.711Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included SMS message exfiltration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95", - "type": "relationship", - "created": "2019-10-18T15:51:48.525Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2019-10-18T15:51:48.525Z", - "description": "Users should be advised not to use public charging stations or computers to charge their devices. Instead, users should be issued a charger acquired from a trustworthy source. 
Users should be advised not to click on device prompts to trust attached computers unless absolutely necessary.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky-WUC", - "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/", - "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used SMS to receive command and control messages.(Citation: Kaspersky-WUC)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4aec0738-2c76-4dc7-af8a-87785e658193", - "created": "2021-10-01T14:42:49.152Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - 
"description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can run shell commands.(Citation: SecureList BusyGasper)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5", - "type": "relationship", - "created": "2020-11-24T17:55:12.897Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
- } - ], - "modified": "2020-11-24T17:55:12.897Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the user’s browser cookies.(Citation: Talos GPlayed)", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2115228b-c61a-4ebb-829a-df7355635fbf", - "created": "2020-12-17T20:15:22.491Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[HenBox](https://attack.mitre.org/software/S0544) can detect if the app is running on an emulator.(Citation: Palo Alto HenBox)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d", - "created": "2019-09-03T20:08:00.760Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos Gustuff Apr 2019", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Gustuff](https://attack.mitre.org/software/S0406) communicates with the command and control server using HTTP requests.(Citation: Talos Gustuff Apr 2019)", - "modified": "2022-04-19T20:18:36.894Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--319d46b5-de41-4f23-9001-2fa75f954720", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky-MobileMalware", - "url": "https://securelist.com/mobile-malware-evolution-2013/58335/", - "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Trojan-SMS.AndroidOS.Agent.ao](https://attack.mitre.org/software/S0307) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)", - "modified": "2022-04-19T20:08:26.141Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e", - "type": "relationship", - "created": "2020-12-14T14:52:03.310Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
- } - ], - "modified": "2020-12-14T14:52:03.310Z", - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can send SMS messages.(Citation: Sophos Red Alert 2.0)", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056", - "type": "relationship", - "created": "2020-12-24T22:04:27.919Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T22:04:27.919Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has extracted messages from chat programs, such as WeChat.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--50bab448-fee6-49e9-a296-498fe06eacc7", - "type": "relationship", - "created": "2019-11-21T16:42:48.490Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList - ViceLeaker 2019", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." 
- } - ], - "modified": "2019-11-21T16:42:48.490Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can obtain a list of installed applications.(Citation: SecureList - ViceLeaker 2019)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9", - "created": "2022-04-06T13:57:38.847Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T13:57:38.847Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5", - "type": "relationship", - "created": "2019-09-03T20:08:00.764Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . 
Retrieved September 3, 2019.", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "source_name": "Talos Gustuff Apr 2019" - } - ], - "modified": "2019-09-15T15:35:33.379Z", - "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers information about the device, including the default SMS application, if SafetyNet is enabled, the battery level, the operating system version, and if the malware has elevated permissions.(Citation: Talos Gustuff Apr 2019)", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e", - "created": "2022-03-30T20:45:34.433Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Android Package Visibility", - "url": "https://developer.android.com/training/package-visibility", - "description": "Google. (n.d.). Package visibility filtering on Android. Retrieved April 11, 2022." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. 
iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)", - "modified": "2022-04-11T19:19:52.562Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a76d731b-484c-442a-b1a3-255d8398aefd", - "type": "relationship", - "created": "2019-10-10T15:22:52.545Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro-RCSAndroid", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/" - } - ], - "modified": "2019-10-10T15:22:52.545Z", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn.(Citation: TrendMicro-RCSAndroid)", - "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952", - "created": "2020-04-24T17:46:31.564Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can intercept SMS messages.(Citation: SecurityIntelligence TrickMo)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d7aa436a-e66d-4217-be66-4414703dec07", - "type": "relationship", - "created": "2020-11-10T17:08:35.634Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-11-10T17:08:35.634Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used incorrect file extensions and encryption to hide most of its assets, including secondary APKs, configuration files, and JAR or DEX files.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9", - "type": "relationship", - "created": "2020-04-24T17:46:31.582Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T17:46:31.582Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device network configuration information such as IMSI, IMEI, and Wi-Fi connection state.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3bf5a566-986b-478c-b2da-e57caf261378", - "type": "relationship", - "created": "2019-09-03T19:45:48.515Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "modified": "2019-09-11T13:25:19.216Z", - "description": " [Exodus](https://attack.mitre.org/software/S0405) Two attempts to elevate privileges by using a modified version of the DirtyCow exploit.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519", - "created": "2022-04-05T17:03:53.457Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T17:03:53.457Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1", - "type": "relationship", - "created": "2021-10-01T14:42:49.184Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "modified": "2021-10-01T14:42:49.184Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect the device’s location information based on cellular network or GPS coordinates.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9c302eb1-1810-48a5-b34d-6aae303d2097", - "created": "2022-04-01T15:16:26.387Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be instructed to not open links in applications they don’t recognize.", - "modified": "2022-04-01T15:16:26.387Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030", - "created": "2022-03-30T20:42:04.251Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be advised to be extra scrutinous of applications that request location, and to deny any permissions requests for applications they do not recognize.", - "modified": "2022-03-30T20:42:04.251Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - 
"target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fa1da6db-da32-45d2-98a8-6bbe153166da", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-EnterpriseApps", - "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.", - "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[AndroRAT](https://attack.mitre.org/software/S0292) tracks the device location.(Citation: Lookout-EnterpriseApps)", - "relationship_type": "uses", - "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d71fab20-a56c-4404-a65d-aaa37056f16e", - "created": "2022-04-01T15:16:16.027Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Trend Micro iOS URL Hijacking", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/", - "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12). iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.", - "modified": "2022-04-01T15:16:16.027Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b4735277-516a-4cd2-9607-a3e415945d93", - "type": "relationship", - "created": "2020-11-10T17:08:35.800Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2021-09-20T13:54:20.494Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can remotely capture device audio.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd", - "type": "relationship", - "created": "2020-04-08T18:55:29.196Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020.", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "source_name": "Cofense Anubis" - } - ], - "modified": "2020-04-09T16:45:38.751Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) exfiltrates data encrypted (with RC4) by its ransomware module.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39", - "type": "relationship", - "created": "2020-04-08T15:41:19.364Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": 
"https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." - } - ], - "modified": "2020-04-08T15:41:19.364Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can take screenshots.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--48486680-530c-4ed9-aca3-94969aa262b6", - "created": "2019-07-10T15:35:43.665Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91", - "created": "2020-12-18T20:14:47.369Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has registered several broadcast receivers.(Citation: WhiteOps TERRACOTTA)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--049b0c71-63e3-47ce-bb0b-149df0344b15", - "created": "2020-12-24T21:45:56.965Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access device contacts.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e03b25b0-0779-48da-b5d7-28f1f6106363", - "type": "relationship", - "created": "2020-12-24T22:04:27.992Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "modified": "2020-12-24T22:04:27.992Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken screenshots.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -25209,28 +14244,9 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa", - "created": "2022-04-01T16:52:36.974Z", + "id": "relationship--0100020b-97d4-4657-bc71-c6a1774055a6", + "created": "2022-04-20T17:36:25.707Z", "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T16:52:36.974Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415", - "type": "relationship", - "created": "2020-11-10T17:08:35.819Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { "source_name": "Lookout Uyghur Campaign", 
@@ -25238,1349 +14254,13 @@ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." } ], - "modified": "2020-11-10T17:08:35.819Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s location and track the device over time.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--51457698-e98b-435a-88c2-75a82cdc2bda", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." 
- } - ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads call logs.(Citation: Lookout-StealthMango)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "PaloAlto-Xbot", - "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/", - "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Xbot](https://attack.mitre.org/software/S0298) can remotely lock infected Android devices and ask for a ransom.(Citation: PaloAlto-Xbot)", - "modified": "2022-04-18T19:27:33.225Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", - "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394", - "created": "2021-02-08T16:36:20.639Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has region-locked their malicious applications during their Operation BULL campaign.(Citation: BlackBerry Bahamut)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--de7e3a71-1152-481c-8e5c-88f53852cab6", - "created": "2022-04-01T15:16:53.239Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T15:16:53.239Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", - "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4ee57616-7205-490c-86c3-c27dcffd8689", - "created": "2022-04-06T13:35:43.203Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Recent OS versions have limited access to certain APIs unless certain conditions are met, making [Data Manipulation](https://attack.mitre.org/techniques/T1641) more difficult", - "modified": "2022-04-06T13:35:43.203Z", - "relationship_type": "mitigates", - "source_ref": 
"course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81", - "created": "2022-04-05T20:03:46.789Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T20:03:46.789Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de", - "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d", - "type": "relationship", - "created": "2021-01-05T20:16:20.417Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "modified": "2021-01-05T20:16:20.417Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture photos and videos from the device’s camera.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--35453bbb-c9b3-4421-8452-95efdd290d21", - "type": "relationship", - "created": "2021-01-20T16:01:19.323Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zimperium z9", - "url": "https://blog.zimperium.com/how-zimperiums-z9-detected-unknown-mobile-malware-overlooked-by-the-av-industry/", - "description": "zLabs. (2019, November 12). How Zimperium’s z9 Detected Unknown Mobile Malware Overlooked by the AV Industry . Retrieved January 20, 2021." 
- } - ], - "modified": "2021-01-20T16:01:19.323Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of running processes.(Citation: Zimperium z9)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b", - "type": "relationship", - "created": "2020-12-24T22:04:27.914Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T22:04:27.914Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has looked for .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files on external storage.(Citation: Lookout Uyghur Campaign)", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has exfiltrated data via both SMTP and HTTP.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-20T17:36:25.707Z", "relationship_type": "uses", "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e03b0eb5-32c6-4867-9235-77fe32192983", - "type": "relationship", - "created": "2019-09-04T15:38:56.916Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CyberMerchants-FlexiSpy", - "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", - "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." 
- } - ], - "modified": "2019-09-10T14:59:26.071Z", - "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can track the device's location.(Citation: CyberMerchants-FlexiSpy)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0", - "type": "relationship", - "created": "2021-10-01T14:42:48.728Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "modified": "2021-10-01T14:42:48.728Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can send an SMS message after the device boots, messages containing logs, messages to adversary-specified numbers with custom content, and can delete all SMS messages on the device.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cde60121-3d7c-47c8-abeb-582854425599", - "type": "relationship", - "created": "2020-07-20T13:27:33.512Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "modified": "2020-08-10T21:57:54.531Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can update the running malware.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072", - "type": "relationship", - "created": "2020-09-11T15:14:34.064Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SMS KitKat", - "url": "https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html", - "description": "S.Main, D. Braun. (2013, October 14). Getting Your SMS Apps Ready for KitKat. Retrieved September 11, 2020." - } - ], - "modified": "2020-10-22T17:04:15.708Z", - "description": "Users should be encouraged to be very careful with what applications they grant SMS access to. 
Further, users should not change their default SMS handler to applications they do not recognize.(Citation: SMS KitKat)", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1", - "created": "2020-06-26T15:32:25.002Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can record keystrokes.(Citation: Threat Fabric Cerberus)", - "modified": "2022-04-15T17:33:17.868Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0", - "created": "2017-10-25T14:48:53.741Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security architecture improvements in each new version of Android and iOS make it more difficult to escalate 
privileges. Additionally, newer versions of Android have strengthened the sandboxing applied to applications, restricting their ability to enumerate file system contents.", - "modified": "2022-03-30T20:25:46.994Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TrendMicro-RCSAndroid", - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can use SMS for command and control.(Citation: TrendMicro-RCSAndroid)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fbdbddd7-4980-4061-9192-24a887bc6bad", - "type": "relationship", - "created": "2020-12-07T14:28:32.141Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-12-07T14:28:32.141Z", - "description": "[Exobot](https://attack.mitre.org/software/S0522) can open a SOCKS proxy connection through the compromised device.(Citation: Threat Fabric Exobot)", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d716163d-2492-4088-9235-b2310312ba27", - "created": "2022-04-06T15:44:48.422Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T15:44:48.422Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d4154247-90ce-43b9-8c17-5c28f67617f5", - "type": "relationship", - "created": "2020-12-24T21:55:56.747Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T21:55:56.747Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed browser history, as well as the files for 15 other apps.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5b670281-0054-42b4-8e54-ea01a692f5bf", - "type": "relationship", - "created": "2021-10-01T14:42:48.900Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "modified": "2021-10-01T14:42:48.900Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can open a hidden menu when a specific phone number is called from the infected device.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed", - "created": "2019-07-10T15:35:43.668Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses the device contact list.(Citation: Lookout Dark Caracal Jan 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47", - "created": "2022-04-01T17:08:41.293Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. 
", - "modified": "2022-04-01T17:08:41.293Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b7a31a11-6c84-4c28-a548-4751e4d71134", - "created": "2020-05-04T14:04:56.158Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Bread", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Bread](https://attack.mitre.org/software/S0432) can perform SMS fraud on older versions of the malware, and toll fraud on newer versions.(Citation: Google Bread)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--269d4409-e287-4ef3-b5f3-765ec03e503e", - "created": "2020-06-02T14:32:31.900Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "url": 
"https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", - "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) grants itself permissions by injecting its hash into the kernel’s trust cache.(Citation: Google Project Zero Insomnia)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--01965668-d033-4aca-a8e5-71a07070e266", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2018-10-17T00:14:20.652Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09", - "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03", - "type": "relationship", - "created": "2020-12-17T20:15:22.449Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). 
HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." - } - ], - "modified": "2020-12-17T20:15:22.449Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s microphone.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0cabc5f9-045e-490c-a97f-efe00dbade86", - "type": "relationship", - "created": "2020-01-27T17:05:58.276Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.276Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record video.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671", - "created": "2021-02-08T16:36:20.709Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": 
"https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted C2 communications using AES in CBC mode during Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", - "modified": "2022-04-18T16:07:26.671Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Tripwire-MazarBOT", - "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/", - "description": "Graham Cluley. (2016, February 16). Android users warned of malware attack spreading via SMS. Retrieved December 23, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[MazarBOT](https://attack.mitre.org/software/S0303) can send messages to premium-rate numbers.(Citation: Tripwire-MazarBOT)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f", - "created": "2022-03-28T19:25:38.355Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates may contain patches that inhibit system software compromises.", - "modified": "2022-03-28T19:25:38.355Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2018-10-17T00:14:20.652Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_version": "1.0", - 
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f", - "type": "relationship", - "created": "2020-12-17T20:15:22.445Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." - } - ], - "modified": "2020-12-17T20:15:22.445Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s camera.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb", - "created": "2020-12-14T14:52:03.184Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has used malicious overlays to collect banking credentials.(Citation: Sophos Red Alert 2.0)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5417959b-9478-49fb-b779-3c82a10ad080", - "type": "relationship", - "created": "2020-12-17T20:15:22.498Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "modified": "2020-12-17T20:15:22.498Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running apps.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9", - "type": "relationship", - "created": "2021-01-05T20:16:20.502Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." - } - ], - "modified": "2021-01-05T20:16:20.502Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can take screenshots.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71", - "created": "2022-03-30T20:53:54.296Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T20:53:54.296Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", - "target_ref": 
"attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0008005f-ca51-47c3-8369-55ee5de1c65a", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Zscaler-SpyNote", - "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app", - "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) uses an Android broadcast receiver to automatically start when the device boots.(Citation: Zscaler-SpyNote)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106", - "type": "relationship", - "created": "2020-12-14T14:52:03.255Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). 
Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." - } - ], - "modified": "2020-12-14T14:52:03.255Z", - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has stored data embedded in the strings.xml resource file.(Citation: Sophos Red Alert 2.0)", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CheckPoint-Judy", - "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/", - "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. Retrieved September 18, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Judy](https://attack.mitre.org/software/S0325) uses infected devices to generate fraudulent clicks on advertisements to generate revenue.(Citation: CheckPoint-Judy)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ddca1254-b404-4850-9566-0be35c6d7564", - "created": "2020-11-10T17:08:35.771Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s SMS and MMS messages.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2", - "created": "2020-04-24T17:46:31.589Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[TrickMo](https://attack.mitre.org/software/S0427) communicates with the C2 by sending JSON objects over unencrypted HTTP requests.(Citation: SecurityIntelligence TrickMo)", - "modified": "2022-04-19T20:05:42.315Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8", - "created": "2022-03-30T18:06:21.355Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Symantec-iOSProfile2", - "url": "https://www.symantec.com/connect/blogs/apple-ios-103-finally-battles-malicious-profiles", - "description": "Brian Duckering. (2017, March 27). Apple iOS 10.3 Finally Battles Malicious Profiles. Retrieved September 24, 2018." - }, - { - "source_name": "Android-TrustedCA", - "url": "https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html", - "description": "Chad Brubaker. (2016, July 7). Changes to Trusted Certificate Authorities in Android Nougat. Retrieved September 24, 2018." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile OSes have implemented measures to make it more difficult to trick users into installing untrusted certificates and configurations. iOS 10.3 and higher add an additional step for users to install new trusted CA certificates and configuration profiles. 
On Android, apps that target compatibility with Android 7 and higher (API Level 24) default to only trusting CA certificates that are bundled with the operating system, not CA certificates that are added by the user or administrator, hence decreasing their susceptibility to successful adversary-in-the-middle attack.(Citation: Symantec-iOSProfile2)(Citation: Android-TrustedCA)", - "modified": "2022-03-30T18:06:21.355Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506", - "type": "relationship", - "created": "2020-11-20T16:37:28.567Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-11-20T16:37:28.567Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has encrypted exfiltrated data using AES in ECB mode.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253", - "type": "relationship", - "created": "2020-12-31T18:25:05.178Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." - } - ], - "modified": "2020-12-31T18:25:05.178Z", - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has fingerprinted devices to uniquely identify them.(Citation: CYBERWARCON CHEMISTGAMES)", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208", - "type": "relationship", - "created": "2020-07-20T13:27:33.546Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. 
Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." - } - ], - "modified": "2020-08-10T21:57:54.537Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can receive system notifications.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--45253350-c802-4566-a72d-57d43d05fd63", - "type": "relationship", - "created": "2020-05-07T15:24:49.530Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2020-05-27T13:23:34.536Z", - "description": "Security updates frequently contain patches to vulnerabilities.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36", - "created": "2020-05-07T15:33:32.895Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CheckPoint Agent Smith", - "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", - "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Agent Smith](https://attack.mitre.org/software/S0440) shows fraudulent ads to generate revenue.(Citation: CheckPoint Agent Smith)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b641e5b8-5981-452a-99f0-3598c783e5ee", - "created": "2019-08-07T15:57:13.443Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky Riltok June 2019", - "url": "https://securelist.com/mobile-banker-riltok/91374/", - "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Riltok](https://attack.mitre.org/software/S0403) can intercept incoming SMS messages.(Citation: Kaspersky Riltok June 2019)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--57a069a0-399f-43ab-9efc-50432a41b26b", - "created": "2020-12-24T21:55:56.743Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has deleted or renamed specific files.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c", - "type": "relationship", - "created": "2020-12-18T20:14:47.381Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "modified": "2020-12-28T18:59:33.140Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has collected the device’s phone number and can check if the active network connection is metered.(Citation: WhiteOps TERRACOTTA)", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--38962b26-7cbe-4761-8b4f-50a022167c4d", - "created": "2019-09-03T20:08:00.708Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos Gustuff Apr 2019", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Gustuff](https://attack.mitre.org/software/S0406) checks for antivirus software contained in a predefined list.(Citation: Talos Gustuff Apr 2019)", - "modified": "2022-04-15T16:55:56.825Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f", - "type": "relationship", - "created": "2020-04-08T15:41:19.427Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "modified": "2020-09-11T15:42:15.628Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can send, receive, and delete SMS messages.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d", - "type": "relationship", - "created": "2021-10-01T14:42:48.740Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." - } - ], - "modified": "2021-10-12T13:51:41.045Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect images stored on the device and browser history.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3e2474d3-f36d-4193-92f6-273296befdd3", - "created": "2022-04-05T19:38:18.760Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should protect their account credentials and enable multi-factor authentication options when available. 
", - "modified": "2022-04-05T19:38:18.760Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc", - "type": "relationship", - "created": "2020-12-24T21:55:56.688Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T21:55:56.688Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured audio and can record phone calls.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--290a627d-172d-494d-a0cc-685f480a1034", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-EnterpriseApps", - "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/", - "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects call logs.(Citation: Lookout-EnterpriseApps)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65", - "type": "relationship", - "created": "2021-04-19T17:05:42.574Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2021-04-19T17:05:42.574Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has collected files from the infected device.(Citation: Lookout Uyghur Campaign)\t", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7", - "created": "2022-04-01T18:45:11.299Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them.", - "modified": "2022-04-01T18:45:11.299Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -26612,46 +14292,26 @@
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "id": "relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de",
 "type": "relationship",
- "created": "2019-10-14T20:49:24.571Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "id": "relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856",
+ "created": "2020-05-04T14:04:56.211Z",
+ "x_mitre_version": "1.0",
 "external_references": [
 {
- "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.",
- "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/",
- "source_name": "securelist rotexy 2018"
+ "source_name": "Google Bread",
+ "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html",
+ "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020."
 }
 ],
- "modified": "2019-10-14T20:49:24.571Z",
- "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about running processes.(Citation: securelist rotexy 2018)",
- "relationship_type": "uses",
- "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063",
- "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
- "x_mitre_version": "1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "relationship--89565753-23c4-422d-a9ba-39f4101cd819",
- "type": "relationship",
- "created": "2020-11-20T16:37:28.485Z",
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "[Bread](https://attack.mitre.org/software/S0432) communicates with the C2 server using HTTP requests.(Citation: Google Bread)",
+ "modified": "2022-04-19T20:17:16.407Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "external_references": [
- {
- "source_name": "Symantec GoldenCup",
- "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans",
- "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020."
- }
- ],
- "modified": "2020-11-20T16:37:28.485Z",
- "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can track the device’s location.(Citation: Symantec GoldenCup)",
 "relationship_type": "uses",
- "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e",
- "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
- "x_mitre_version": "1.0",
+ "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326",
+ "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+ "x_mitre_attack_spec_version": "2.1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
 {
@@ -26680,671 +14340,6 @@ "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3bf4b093-a1a3-48da-9236-bce9514765eb", - "created": "2022-04-05T19:46:05.853Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Samsung Keyboards", - "url": "https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-", - "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards)", - "modified": "2022-04-05T19:46:05.853Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd", - "created": "2021-02-08T16:36:20.707Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. 
Retrieved February 8, 2021." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has installed malicious MDM profiles on iOS devices as part of Operation ROCK.(Citation: BlackBerry Bahamut)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses calendar entries.(Citation: Lookout-PegasusAndroid)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e", - "type": "relationship", - "created": "2019-09-03T19:45:48.489Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "modified": "2019-09-11T13:25:19.128Z", - "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract the GPS coordinates of the device.(Citation: SWB Exodus March 2019)", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6cace9e3-f095-4914-bddc-24cec8bcc859", - "type": "relationship", - "created": "2020-09-24T15:34:51.276Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Dendroid", - "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.", - "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" - } - ], - "modified": "2020-09-24T15:34:51.276Z", - "description": "[Dendroid](https://attack.mitre.org/software/S0301) can collect the device’s photos, browser history, bookmarks, and accounts stored on the device.(Citation: Lookout-Dendroid)", - "relationship_type": "uses", - "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f0851531-e554-4658-920c-f2342632c19a", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Adware", - "description": "Michael Bentley. 
(2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. Retrieved December 21, 2016.", - "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is packed with at least eight publicly available exploits that can perform rooting.(Citation: Lookout-Adware)", - "relationship_type": "uses", - "source_ref": "malware--c80a6bef-b3ce-44d0-b113-946e93124898", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c", - "type": "relationship", - "created": "2019-09-04T15:38:56.562Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. 
Retrieved September 10, 2019.", - "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", - "source_name": "FortiGuard-FlexiSpy" - } - ], - "modified": "2019-10-14T18:08:28.500Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can communicate with the command and control server over ports 12512 and 12514.(Citation: FortiGuard-FlexiSpy)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8", - "type": "relationship", - "created": "2020-04-24T17:46:31.613Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T17:46:31.613Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can inject input to set itself as the default SMS handler, and to automatically click through pop-ups without giving the user any time to react.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9e458d77-c856-4b02-82a7-50947b232dc3", - "type": "relationship", - "created": "2021-10-01T14:42:49.183Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "modified": "2021-10-06T15:32:46.533Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download a payload or updates from either its C2 server or email attachments in the adversary’s inbox.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae", - "type": "relationship", - "created": "2020-11-10T17:08:35.746Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-01T19:48:44.878Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has searched device storage for various files, including .amr files (audio recordings) and superuser binaries.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a95fe853-d1d1-47dc-a776-b905daacfe32", - "created": "2020-06-26T20:16:32.181Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "ESET DEFENSOR ID", - "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", - "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [DEFENSOR ID](https://attack.mitre.org/software/S0479) has used Firebase Cloud Messaging for C2.(Citation: ESET DEFENSOR ID) ", - "modified": "2022-04-19T20:19:01.733Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e", - "created": "2022-03-30T20:43:31.249Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T20:43:31.249Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31", - "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84", - "type": "relationship", - "created": "2019-07-10T15:35:43.708Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-08-09T18:06:11.797Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c574251b-93ad-4f55-8b84-2700dfab4622", - "created": "2020-07-15T20:20:59.280Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can hide its icon on older Android versions.(Citation: Bitdefender Mandrake)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a", - "created": "2020-12-28T18:47:52.357Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [HenBox](https://attack.mitre.org/software/S0544) can run commands as root.(Citation: Palo Alto HenBox) ", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f5d24a31-53d2-4e84-9110-2da0582132cb", - "created": "2020-05-07T15:33:32.936Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CheckPoint Agent Smith", - "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", - "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Agent Smith](https://attack.mitre.org/software/S0440)’s core malware is disguised as a JPG file, and encrypted with an XOR cipher.(Citation: CheckPoint Agent Smith)", - "modified": "2022-04-15T16:44:17.145Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", - "target_ref": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80", - "created": "2022-03-30T19:33:05.375Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates typically provide patches for vulnerabilities that enable device rooting.", - "modified": "2022-03-30T19:33:05.375Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "PaloAlto-SpyDealer", - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). 
SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests SMS and MMS messages from victims.(Citation: PaloAlto-SpyDealer)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e", - "created": "2022-03-30T13:45:39.184Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Device attestation can often detect jailbroken or rooted devices.", - "modified": "2022-03-30T13:45:39.184Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c", - "type": "relationship", - "created": "2019-09-23T13:36:08.390Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. 
Retrieved September 23, 2019.", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "source_name": "securelist rotexy 2018" - } - ], - "modified": "2019-10-14T20:49:24.646Z", - "description": "Starting in 2017, the [Rotexy](https://attack.mitre.org/software/S0411) DEX file was packed with garbage strings and/or operations.(Citation: securelist rotexy 2018)", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5107be8a-b5fc-4442-af0d-2c92e086a912", - "type": "relationship", - "created": "2020-05-11T16:13:43.062Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CheckPoint Agent Smith", - "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", - "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." 
- } - ], - "modified": "2020-05-11T16:13:43.062Z", - "description": "[Agent Smith](https://attack.mitre.org/software/S0440) checks if a targeted application is running in user-space prior to infection.(Citation: CheckPoint Agent Smith) ", - "relationship_type": "uses", - "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", - "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Tripwire-MazarBOT", - "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/", - "description": "Graham Cluley. (2016, February 16). Android users warned of malware attack spreading via SMS. Retrieved December 23, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[MazarBOT](https://attack.mitre.org/software/S0303) can intercept two-factor authentication codes sent by online banking apps.(Citation: Tripwire-MazarBOT)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a451966b-f826-422b-9505-f564b9988a9c", - "created": "2020-12-24T21:55:56.693Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used both FTP and TCP sockets for data exfiltration.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-19T16:26:30.170Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5e360913-4986-4423-8d3c-46d3202b7787", - "type": "relationship", - "created": "2019-09-04T14:28:15.471Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-10-14T17:51:37.979Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the salt used when storing the user’s password, aiding an adversary in computing the user’s plaintext password/PIN from the stored password hash. 
[Monokle](https://attack.mitre.org/software/S0407) can also capture the user’s dictionary, user-defined shortcuts, and browser history, enabling profiling of the user and their activities.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576", - "type": "relationship", - "created": "2020-09-14T14:13:45.294Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout eSurv", - "url": "https://blog.lookout.com/esurv-research", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-14T15:39:17.961Z", - "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version is distributed in three stages: the dropper, the second stage payload, and the third stage payload which is [Exodus](https://attack.mitre.org/software/S0405).(Citation: Lookout eSurv)", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--22708018-defd-4690-8b0f-fe47e11cb5d6", - "type": "relationship", - "created": "2020-07-15T20:20:59.316Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.316Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can capture all device notifications and hide notifications from the user.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f", - "type": "relationship", - "created": "2020-11-10T17:08:35.644Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-11-10T17:08:35.644Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has gathered device metadata, including model, manufacturer, SD card size, disk usage, memory, CPU, and serial number.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--605d95a1-0493-418e-9d81-de58531c4421", - "created": "2020-04-24T15:12:11.217Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Concipit1248](https://attack.mitre.org/software/S0426) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)", - "modified": "2022-04-19T20:11:19.381Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -27376,163 +14371,16 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--4fc165fd-185e-4c70-b423-c242cf715510", - "created": "2019-10-07T16:32:27.127Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [Rotexy](https://attack.mitre.org/software/S0411) checks if it is running in an analysis environment.(Citation: securelist rotexy 2018) ", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3498d304-48e3-4fe4-a3ab-fc261104f413", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2019-08-09T17:59:49.094Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record audio using the device microphone.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674", - "type": "relationship", - "created": "2020-12-24T22:04:28.025Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T22:04:28.025Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has retrieved .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files from external storage.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1822e616-ae33-487c-8aa6-4fa81e724184", - "created": "2021-02-08T16:36:20.785Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included contact list exfiltration in the malicious apps deployed as part of Operation BULL.(Citation: BlackBerry Bahamut)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60", - "created": "2020-11-24T17:55:12.828Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can access the device’s contact list.(Citation: Talos GPlayed)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6", - "type": "relationship", - "created": "2020-07-20T13:27:33.553Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "modified": "2020-08-10T21:57:54.518Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) sends the device’s IMEI with each exfiltration request.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d", - "created": "2022-03-30T20:13:40.625Z", + "id": "relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920", + "created": "2022-04-05T19:46:22.326Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "Users should be shown what a synthetic activity looks like so they can scrutinize them in the future.", - "modified": "2022-03-30T20:13:40.625Z", + "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.", + "modified": "2022-04-05T19:46:22.326Z", "relationship_type": "mitigates", "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -27542,209 +14390,49 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e", - "created": "2020-01-27T17:05:58.335Z", + "id": "relationship--f62e0aaf-e52f-40b9-a059-001f298a0660", + "created": "2018-10-17T00:14:20.652Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Trend Micro Bouncing Golf 2019", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020." + "source_name": "Kaspersky-Skygofree", + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) registers for the `USER_PRESENT` broadcast intent and uses it as a trigger to take photos with the front-facing camera.(Citation: Trend Micro Bouncing Golf 2019)", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions.(Citation: Kaspersky-Skygofree)", + "modified": "2022-04-19T20:22:47.253Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": 
"relationship", + "id": "relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses call logs.(Citation: Lookout-PegasusAndroid)", "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8", - "created": "2022-04-01T15:16:02.324Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "iOS Universal Links", - "url": "https://developer.apple.com/ios/universal-links/", - "description": "Apple. (n.d.). Universal Links for Developers. Retrieved September 11, 2020." - }, - { - "source_name": "Android App Links", - "url": "https://developer.android.com/training/app-links/verify-site-associations", - "description": "Google. (n.d.). Verify Android App Links. Retrieved September 11, 2020." - }, - { - "source_name": "IETF-PKCE", - "url": "https://tools.ietf.org/html/rfc7636", - "description": "N. Sakimura, J. Bradley, and N. Agarwal. (2015, September). IETF RFC 7636: Proof Key for Code Exchange by OAuth Public Clients. Retrieved December 21, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Developers should use Android App Links(Citation: Android App Links) and iOS Universal Links(Citation: iOS Universal Links) to provide a secure binding between URIs and applications, preventing malicious applications from intercepting redirections. Additionally, for OAuth use cases, PKCE(Citation: IETF-PKCE) should be used to prevent use of stolen authorization codes. ", - "modified": "2022-04-01T15:16:02.324Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", - "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0", - "created": "2020-12-24T21:55:56.741Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the contact list.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e9b262ba-1c32-40b3-8622-121b30d6df50", - "type": "relationship", - "created": "2019-10-10T15:14:57.378Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "modified": "2019-10-10T15:14:57.378Z", - "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract information on pictures from the Gallery, Chrome and SBrowser bookmarks, and the connected WiFi network's password.(Citation: SWB Exodus March 2019)", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2", - "created": "2019-09-04T14:28:15.482Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Monokle", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Monokle](https://attack.mitre.org/software/S0407) can reset the user's password/PIN.(Citation: Lookout-Monokle)", - "modified": "2022-04-15T16:38:09.953Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9", - "created": "2022-04-01T17:08:15.158Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "CSRIC5-WG10-FinalReport", - "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf", - "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC5-WG10-FinalReport) ", - "modified": "2022-04-11T19:09:00.362Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306", - "type": "relationship", - "created": "2020-05-07T15:33:32.778Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CheckPoint Agent Smith", - "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", - "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." 
- } - ], - "modified": "2020-05-07T15:33:32.778Z", - "description": "[Agent Smith](https://attack.mitre.org/software/S0440) exploits known OS vulnerabilities, including Janus, to replace legitimate applications with malicious versions.(Citation: CheckPoint Agent Smith)", - "relationship_type": "uses", - "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03", - "created": "2020-12-24T21:45:56.962Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access call logs.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -27753,44 +14441,21 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--5a277966-4559-487e-bdfb-7be6366ccdb6", + "id": "relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b", "type": "relationship", - "created": "2019-09-03T19:45:48.508Z", + "created": "2021-01-05T20:16:20.419Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." } ], - "modified": "2019-09-11T13:25:19.114Z", - "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take pictures with the device cameras.(Citation: SWB Exodus March 2019) ", + "modified": "2021-01-05T20:16:20.419Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture audio from the device’s microphone and can record phone calls.(Citation: Zscaler TikTok Spyware)", "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0cae6859-d7d1-483b-b473-4f32084938a9", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike 
Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" - } - ], - "modified": "2019-08-09T17:52:31.818Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to record device audio.(Citation: Lookout-PegasusAndroid)", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -27799,292 +14464,25 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c", "type": "relationship", - "id": "relationship--554ec347-c8b2-43da-876b-36608dcc543d", - "created": "2017-10-25T14:48:53.746Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TelephonyManager", - "url": "https://developer.android.com/reference/android/telephony/TelephonyManager.html", - "description": "Android. (n.d.). TelephonyManager. Retrieved December 21, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 10 introduced changes that prevent normal applications from accessing sensitive device identifiers.(Citation: TelephonyManager) ", - "modified": "2022-03-30T21:04:59.921Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", + "created": "2019-09-04T15:38:56.562Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout-BrainTest", - "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.", - "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/" + "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. 
Retrieved September 10, 2019.", + "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", + "source_name": "FortiGuard-FlexiSpy" } ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "Some original variants of [BrainTest](https://attack.mitre.org/software/S0293) had the capability to automatically root some devices, but that behavior was not observed in later samples.(Citation: Lookout-BrainTest)", + "modified": "2019-10-14T18:08:28.500Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can communicate with the command and control server over ports 12512 and 12514.(Citation: FortiGuard-FlexiSpy)", "relationship_type": "uses", - "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0a737289-c62d-4c0a-a857-6d116f774864", - "type": "relationship", - "created": "2020-06-26T15:12:40.077Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "ESET DEFENSOR ID", - "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", - "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:12:40.077Z", - "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to read any text displayed on the screen.(Citation: ESET DEFENSOR ID)", - "relationship_type": "uses", - "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c", - "type": "relationship", - "created": "2020-12-18T20:14:47.371Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "modified": "2020-12-18T21:00:05.246Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can send SMS messages.(Citation: WhiteOps TERRACOTTA)", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea", - "created": "2022-04-06T13:40:14.515Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Android 10 Privacy Changes", - "url": "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data", - "description": "Android Developers. (n.d.). Privacy changes in Android 10. Retrieved September 11, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 10 prevents applications from accessing clipboard data unless the application is on the foreground or is set as the device’s default input method editor (IME).(Citation: Android 10 Privacy Changes)", - "modified": "2022-04-06T13:40:14.515Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af", - "type": "relationship", - "created": "2020-04-24T15:06:33.531Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - 
"external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." - } - ], - "modified": "2020-04-24T17:55:55.049Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can take pictures using the camera and can record MP4 files.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "PaloAlto-SpyDealer", - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests contact lists from victims.(Citation: PaloAlto-SpyDealer)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1", - "created": "2021-10-01T14:42:49.176Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect every user screen tap and compare the input to a hardcoded list of coordinates to translate the input to a character.(Citation: SecureList BusyGasper)", - "modified": "2022-04-15T17:33:49.565Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "PaloAlto-Xbot", - "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/", - "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Xbot](https://attack.mitre.org/software/S0298) steals all SMS message and contact information as well as intercepts and parses certain SMS messages.(Citation: PaloAlto-Xbot)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38", - "type": "relationship", - "created": "2020-05-11T16:37:36.616Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. 
Retrieved April 8, 2020.", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "source_name": "ThreatFabric Ginp" - } - ], - "modified": "2020-05-11T16:37:36.616Z", - "description": " [Ginp](https://attack.mitre.org/software/S0423) can inject input to make itself the default SMS handler.(Citation: ThreatFabric Ginp) ", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7db33293-6971-4c0d-88e0-18f505ebd943", - "created": "2022-04-05T20:11:51.188Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Recent OS versions have made it more difficult for applications to register as VPN providers. ", - "modified": "2022-04-05T20:11:51.188Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--13efc415-5e17-4a16-81c2-64e74815907f", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "PaloAlto-XcodeGhost", - "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/", - "description": "Claud Xiao. 
(2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can prompt a fake alert dialog to phish user credentials.(Citation: PaloAlto-XcodeGhost)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -28112,25 +14510,71 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4", "type": "relationship", - "id": "relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af", - "created": "2020-12-14T14:52:03.322Z", + "created": "2020-04-08T15:41:19.340Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." + } + ], + "modified": "2020-04-08T18:55:29.238Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can use its ransomware module to encrypt device data and hold it for ransom.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c", + "type": "relationship", + "created": "2019-09-23T13:36:08.390Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. 
Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "source_name": "securelist rotexy 2018" + } + ], + "modified": "2019-10-14T20:49:24.646Z", + "description": "Starting in 2017, the [Rotexy](https://attack.mitre.org/software/S0411) DEX file was packed with garbage strings and/or operations.(Citation: securelist rotexy 2018)", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4fc165fd-185e-4c70-b423-c242cf715510", + "created": "2019-10-07T16:32:27.127Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." + "source_name": "securelist rotexy 2018", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
} ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s contact list.(Citation: Sophos Red Alert 2.0)", + "description": " [Rotexy](https://attack.mitre.org/software/S0411) checks if it is running in an analysis environment.(Citation: securelist rotexy 2018) ", "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -28138,70 +14582,76 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--9c853c22-7607-4cbd-b114-08aaa4625c35", "type": "relationship", - "created": "2020-12-17T20:15:22.405Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." - } - ], - "modified": "2020-12-28T18:47:52.600Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can collect device information and can check if the device is running MIUI on a Xiaomi device.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "PaloAlto-DualToy", - "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. 
Retrieved January 24, 2017.", - "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[DualToy](https://attack.mitre.org/software/S0315) side loads malicious or risky apps to both Android and iOS devices via a USB connection.(Citation: PaloAlto-DualToy)", - "relationship_type": "uses", - "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878", - "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57", - "created": "2020-11-24T17:55:12.826Z", + "id": "relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36", + "created": "2020-05-07T15:33:32.895Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." + "source_name": "CheckPoint Agent Smith", + "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." 
} ], "x_mitre_deprecated": false, "revoked": false, - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can wipe the device.(Citation: Talos GPlayed)", + "description": "[Agent Smith](https://attack.mitre.org/software/S0440) shows fraudulent ads to generate revenue.(Citation: CheckPoint Agent Smith)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd", + "created": "2021-02-08T16:36:20.707Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has installed malicious MDM profiles on iOS devices as part of Operation ROCK.(Citation: BlackBerry Bahamut)", "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ece70dca-803c-4209-8792-7e56e9901288", + "created": "2020-07-15T20:20:59.291Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can delete all data from an infected device.(Citation: Bitdefender Mandrake)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -28211,24 +14661,24 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8", - "created": "2018-10-17T00:14:20.652Z", + "id": "relationship--a95fe853-d1d1-47dc-a776-b905daacfe32", + "created": "2020-06-26T20:16:32.181Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Lookout-StealthMango", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." + "source_name": "ESET DEFENSOR ID", + "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", + "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads SMS messages.(Citation: Lookout-StealthMango)", - "modified": "2022-04-12T10:01:44.682Z", + "description": " [DEFENSOR ID](https://attack.mitre.org/software/S0479) has used Firebase Cloud Messaging for C2.(Citation: ESET DEFENSOR ID) ", + "modified": "2022-04-19T20:19:01.733Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -28237,27 +14687,136 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--d3e06522-2a30-4d56-801e-9461178b80ce", - "created": "2021-01-05T20:16:20.412Z", - "x_mitre_version": "1.0", + "id": "relationship--b8606318-8c12-4381-ba33-5b2321772ea0", + "created": "2022-03-30T20:31:57.183Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be advised to be extra scrutinous of applications that request location or sensitive phone information permissions, and to deny any permissions requests for applications they do not recognize.", + "modified": "2022-03-30T20:31:57.183Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e", + "type": "relationship", + "created": "2020-01-14T17:47:08.826Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." + "source_name": "SecureList DVMap June 2017", + "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", + "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
+ } + ], + "modified": "2020-01-14T17:47:08.826Z", + "description": "[Dvmap](https://attack.mitre.org/software/S0420) checks the Android version to determine which system library to patch.(Citation: SecureList DVMap June 2017)", + "relationship_type": "uses", + "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1317fb3d-ded3-4b84-8007-147f3b02948a", + "created": "2022-04-05T19:52:38.539Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "CSRIC-WG1-FinalReport", + "description": "CSRIC-WG1-FinalReport" } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can hide its icon after launch.(Citation: Zscaler TikTok Spyware)", + "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC-WG1-FinalReport) ", + "modified": "2022-04-05T19:52:38.539Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124", + "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef", + "created": "2022-04-05T20:14:17.442Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": 
"2022-04-05T20:14:17.442Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", + "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses calendar entries.(Citation: Lookout-PegasusAndroid)", "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38", + "type": "relationship", + "created": "2020-05-11T16:37:36.616Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + 
{ + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "source_name": "ThreatFabric Ginp" + } + ], + "modified": "2020-05-11T16:37:36.616Z", + "description": " [Ginp](https://attack.mitre.org/software/S0423) can inject input to make itself the default SMS handler.(Citation: ThreatFabric Ginp) ", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
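Review bot: The `external_references` entry added for `CSRIC-WG1-FinalReport` (relationship `relationship--1317fb3d-ded3-4b84-8007-147f3b02948a`, the `mitigates` record about filtering requests by origin) has no `url`, and its `description` only repeats the `source_name`, so the `(Citation: CSRIC-WG1-FinalReport)` in the relationship text cannot be resolved to a document. The other references added in this hunk (SecureList DVMap, Lookout-PegasusAndroid, ThreatFabric Ginp) each carry `source_name`, `url` and a full citation; this entry should follow suit, e.g. `"url": "<REPORT_URL_PLACEHOLDER>"` plus the author/date/title string. Two added `description` values are also padded with whitespace (leading and trailing space on the Ginp entry, trailing space on the CSRIC one), which consumers that render or compare the text verbatim will carry through. If this bundle is a straight export from upstream, both points are probably better fixed at the source than in this file.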
@@ -28284,168 +14843,6 @@ "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86", - "created": "2022-04-06T13:55:37.498Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be advised that applications generally do not require permission to send SMS messages.", - "modified": "2022-04-06T13:55:37.498Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c", - "created": "2019-08-09T18:02:06.688Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Zscaler-SuperMarioRun", - "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat", - "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[DroidJack](https://attack.mitre.org/software/S0320) can capture video using device cameras.(Citation: Zscaler-SuperMarioRun)", - "modified": "2022-05-20T17:13:16.507Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--e4019493-bd52-4011-9355-8902be6ff3f3", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "PaloAlto-SpyDealer", - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) registers the broadcast receiver to listen for events related to device boot-up.(Citation: PaloAlto-SpyDealer)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca", - "created": "2022-04-06T13:22:57.754Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T13:22:57.754Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120", - "target_ref": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Adware", - "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/", - "description": "Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. Retrieved December 21, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is auto-rooting adware that embeds itself as a system application, making it nearly impossible to remove.(Citation: Lookout-Adware)", - "modified": "2022-04-15T16:00:47.923Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c80a6bef-b3ce-44d0-b113-946e93124898", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23", - "type": "relationship", - "created": "2020-09-11T14:54:16.566Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T14:54:16.566Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect device metadata and can check if the device is rooted.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--22290cce-856a-46d5-9589-699f5dfc1429", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro-XLoader", - "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/" - } - ], - "modified": "2020-07-20T13:49:03.687Z", - "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) covertly records phone calls.(Citation: TrendMicro-XLoader)", - "relationship_type": "uses", - "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -28473,21 +14870,47 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--05563777-5771-4bd6-a1af-3e244cf42372", "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", + "id": "relationship--69de3f7e-faa7-4342-b755-4777a68fd89b", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler-SuperMarioRun", + "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat", + "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[DroidJack](https://attack.mitre.org/software/S0320) is capable of recording device phone calls.(Citation: Zscaler-SuperMarioRun)", + "modified": "2022-05-20T17:13:16.508Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b018fe06-740b-4864-b30a-f047598506b3", + "type": "relationship", + "created": "2020-04-24T15:06:33.510Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Xiao-KeyRaider", - "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. 
Retrieved December 12, 2016.", - "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/" + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." } ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288) samples search to find the Apple account's username, password and device's GUID in data being transferred.(Citation: Xiao-KeyRaider)", + "modified": "2020-04-24T15:06:33.510Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect various pieces of device information, including OS version, phone model, and manufacturer.(Citation: TrendMicro Coronavirus Updates) ", "relationship_type": "uses", - "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -28518,6 +14941,25 @@ "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328", + "created": "2022-03-30T19:34:09.377Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T19:34:09.377Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -28545,54 +14987,9 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0", "type": "relationship", - "id": "relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "ArsTechnica-HummingWhale", - "url": "http://arstechnica.com/security/2017/01/virulent-android-malware-returns-gets-2-million-downloads-on-google-play/", - "description": "Dan Goodin. (2017, January 23). Virulent Android malware returns, gets >2 million downloads on Google Play. Retrieved January 24, 2017." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[HummingWhale](https://attack.mitre.org/software/S0321) generates revenue by displaying fraudulent ads and automatically installing apps. When victims try to close the ads, [HummingWhale](https://attack.mitre.org/software/S0321) runs in a virtual machine, creating a fake ID that allows the perpetrators to generate revenue.(Citation: ArsTechnica-HummingWhale)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c", - "created": "2022-04-01T18:48:03.156Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T18:48:03.156Z", - "relationship_type": "subtechnique-of", - "source_ref": 
"attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a", - "type": "relationship", - "created": "2020-11-10T17:08:35.713Z", + "created": "2020-12-24T22:04:27.997Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { @@ -28601,11 +14998,11 @@ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." } ], - "modified": "2020-11-10T17:08:35.713Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can collect notes and data from the MiCode app.(Citation: Lookout Uyghur Campaign)", + "modified": "2020-12-24T22:04:27.997Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has tracked location.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -28613,41 +15010,45 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208", "type": "relationship", - "id": "relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56", - "created": "2017-10-25T14:48:53.738Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 9 introduced a new security policy that prevents applications from reading or writing data to other applications’ internal storage directories, regardless of permissions. ", - "modified": "2022-04-01T13:51:48.934Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", + "created": "2020-07-20T13:27:33.546Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
} ], - "modified": "2019-08-09T17:52:31.748Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) checks if the device is on Wi-Fi, a cellular network, and is roaming.(Citation: Lookout-PegasusAndroid)", + "modified": "2020-08-10T21:57:54.537Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can receive system notifications.(Citation: Talos-WolfRAT)", "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de", + "type": "relationship", + "created": "2019-10-14T20:49:24.571Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "source_name": "securelist rotexy 2018" + } + ], + "modified": "2019-10-14T20:49:24.571Z", + "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about running processes.(Citation: securelist rotexy 2018)", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -28656,69 +15057,27 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898", - "created": "2019-09-04T14:28:16.414Z", + "id": "relationship--df036f55-f749-4dad-9473-d69535e0f98d", + "created": "2020-06-26T14:55:13.385Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Lookout-Monokle", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve call history.(Citation: Lookout-Monokle)", - "modified": "2022-04-12T10:01:44.682Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to record the screen PIN.(Citation: Cybereason EventBot)", + "modified": "2022-04-15T17:39:39.931Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - 
"type": "relationship", - "id": "relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea", - "created": "2022-03-30T19:32:43.015Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Attestation can detect rooted devices. Mobile security software can then use this information and take appropriate mitigation action. Attestation can detect rooted devices.", - "modified": "2022-03-30T19:32:43.015Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10", - "type": "relationship", - "created": "2020-06-26T15:32:25.074Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." - } - ], - "modified": "2020-06-26T15:32:25.074Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can update the malicious payload module on command.(Citation: Threat Fabric Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -28764,6 +15123,4516 @@ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8", + "created": "2022-03-30T18:06:21.355Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Symantec-iOSProfile2", + "url": "https://www.symantec.com/connect/blogs/apple-ios-103-finally-battles-malicious-profiles", + "description": "Brian Duckering. (2017, March 27). Apple iOS 10.3 Finally Battles Malicious Profiles. Retrieved September 24, 2018." + }, + { + "source_name": "Android-TrustedCA", + "url": "https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html", + "description": "Chad Brubaker. (2016, July 7). Changes to Trusted Certificate Authorities in Android Nougat. Retrieved September 24, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile OSes have implemented measures to make it more difficult to trick users into installing untrusted certificates and configurations. iOS 10.3 and higher add an additional step for users to install new trusted CA certificates and configuration profiles. 
On Android, apps that target compatibility with Android 7 and higher (API Level 24) default to only trusting CA certificates that are bundled with the operating system, not CA certificates that are added by the user or administrator, hence decreasing their susceptibility to successful adversary-in-the-middle attack.(Citation: Symantec-iOSProfile2)(Citation: Android-TrustedCA)", + "modified": "2022-03-30T18:06:21.355Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--383e5b12-061e-45c6-911b-b37187dd9254", + "type": "relationship", + "created": "2021-02-08T16:36:20.701Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "modified": "2021-05-24T13:16:56.399Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included file enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af", + "created": "2020-12-14T14:52:03.322Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s contact list.(Citation: Sophos Red Alert 2.0)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253", + "type": "relationship", + "created": "2020-12-31T18:25:05.178Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
+ } + ], + "modified": "2020-12-31T18:25:05.178Z", + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has fingerprinted devices to uniquely identify them.(Citation: CYBERWARCON CHEMISTGAMES)", + "relationship_type": "uses", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02", + "type": "relationship", + "created": "2020-12-17T20:15:22.452Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "modified": "2020-12-17T20:15:22.452Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) has obfuscated components using XOR, ZIP with a single-byte key or ZIP/Zlib compression wrapped with RC4 encryption.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--fada5ba5-7449-4878-b555-82f225473c8b", + "created": "2022-03-30T19:28:42.179Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Attestation can detect unauthorized modifications to devices. Mobile security software can then use this information and take appropriate mitigation action. ", + "modified": "2022-03-30T19:28:42.179Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--50bab448-fee6-49e9-a296-498fe06eacc7", + "type": "relationship", + "created": "2019-11-21T16:42:48.490Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "description": "GReAT. (2019, June 26). 
ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." + } + ], + "modified": "2019-11-21T16:42:48.490Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can obtain a list of installed applications.(Citation: SecureList - ViceLeaker 2019)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81", + "created": "2022-04-05T20:03:46.789Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T20:03:46.789Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de", + "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uses commands received from text messages for C2.(Citation: Lookout-StealthMango)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a3c4b392-2879-4f31-9431-3398e034851b", + "created": "2022-04-06T13:52:37.470Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be cautioned against granting administrative access to applications.", + "modified": "2022-04-06T13:52:37.470Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce", + "type": "relationship", + "created": "2020-12-18T20:14:47.339Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). 
TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." + } + ], + "modified": "2020-12-18T20:14:47.339Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used timer events in React Native to initiate the foreground service.(Citation: WhiteOps TERRACOTTA)", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2018-10-17T00:14:20.652Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b4735277-516a-4cd2-9607-a3e415945d93", + "type": "relationship", + "created": "2020-11-10T17:08:35.800Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2021-09-20T13:54:20.494Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can remotely capture device audio.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" + } + ], + "modified": "2019-08-09T17:56:05.686Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) uses the commercial rooting app Baidu Easy Root to gain root privilege and maintain persistence on the victim.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2115228b-c61a-4ebb-829a-df7355635fbf", + "created": "2020-12-17T20:15:22.491Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[HenBox](https://attack.mitre.org/software/S0544) can detect if the app is running on an emulator.(Citation: Palo Alto HenBox)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--38962b26-7cbe-4761-8b4f-50a022167c4d", + "created": "2019-09-03T20:08:00.708Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos Gustuff Apr 2019", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Gustuff](https://attack.mitre.org/software/S0406) checks for antivirus software contained in a predefined list.(Citation: Talos Gustuff Apr 2019)", + "modified": "2022-04-15T16:55:56.825Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113", + "created": "2020-06-26T15:32:25.032Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can generate fake notifications and launch overlay attacks against attacker-specified applications.(Citation: Threat Fabric Cerberus)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bd29ce15-1771-470c-a74b-5ea90832ce23", + "created": "2020-12-24T22:04:27.911Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected SMS messages.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09", + "type": "relationship", + "created": "2021-02-08T16:36:20.846Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "modified": "2021-05-24T13:16:56.596Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has exfiltrated local account data and calendar information as part of Operation ROCK.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ffc82546-f4da-4f47-88ec-b215edb1d695", + "type": "relationship", + "created": "2021-02-08T16:36:20.799Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "modified": "2021-05-24T13:16:56.589Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included malware functionality capable of downloading new DEX files at runtime during Operation BULL.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00", + "type": "relationship", + "created": "2020-09-15T15:18:12.421Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
+ } + ], + "modified": "2020-09-15T15:18:12.421Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect a list of installed applications.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--269d4409-e287-4ef3-b5f3-765ec03e503e", + "created": "2020-06-02T14:32:31.900Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Project Zero Insomnia", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", + "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) grants itself permissions by injecting its hash into the kernel’s trust cache.(Citation: Google Project Zero Insomnia)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39", + "type": "relationship", + "created": "2020-04-08T15:41:19.364Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", 
+ "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." + } + ], + "modified": "2020-04-08T15:41:19.364Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can take screenshots.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791", + "created": "2022-03-30T19:33:17.520Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.", + "modified": "2022-03-30T19:33:17.520Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--89565753-23c4-422d-a9ba-39f4101cd819", + "type": "relationship", + "created": "2020-11-20T16:37:28.485Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": 
"Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." + } + ], + "modified": "2020-11-20T16:37:28.485Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can track the device’s location.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9", + "type": "relationship", + "created": "2021-01-05T20:16:20.502Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
+ } + ], + "modified": "2021-01-05T20:16:20.502Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can take screenshots.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d724bcf3-25d2-406a-b612-333fea5e2385", + "created": "2020-10-29T17:48:27.440Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Exobot](https://attack.mitre.org/software/S0522) can show phishing popups when a targeted application is running.(Citation: Threat Fabric Exobot)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696", + "created": "2022-03-28T19:38:23.189Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-28T19:38:23.190Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Gooligan Citation", + "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/", + "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Gooligan](https://attack.mitre.org/software/S0290) can install adware to generate revenue.(Citation: Gooligan Citation)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1db350b2-1e8b-4d58-9086-eac41de1b110", + "created": "2022-04-05T17:13:56.584Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T17:13:56.584Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--319d46b5-de41-4f23-9001-2fa75f954720", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky-MobileMalware", + "url": "https://securelist.com/mobile-malware-evolution-2013/58335/", + "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Trojan-SMS.AndroidOS.Agent.ao](https://attack.mitre.org/software/S0307) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)", + "modified": "2022-04-19T20:08:26.141Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d995dfff-e4b2-4e07-8e76-b064354f591a", + "created": "2022-04-01T12:49:32.365Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Calendar access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their device calendar. 
", + "modified": "2022-04-01T12:49:32.365Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c", + "created": "2022-04-06T15:52:07.805Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:52:07.805Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e", + "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5", + "type": "relationship", + "created": "2019-09-03T20:08:00.764Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . 
Retrieved September 3, 2019.", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "source_name": "Talos Gustuff Apr 2019" + } + ], + "modified": "2019-09-15T15:35:33.379Z", + "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers information about the device, including the default SMS application, if SafetyNet is enabled, the battery level, the operating system version, and if the malware has elevated permissions.(Citation: Talos Gustuff Apr 2019)", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4ee57616-7205-490c-86c3-c27dcffd8689", + "created": "2022-04-06T13:35:43.203Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Recent OS versions have limited access to certain APIs unless certain conditions are met, making [Data Manipulation](https://attack.mitre.org/techniques/T1641) more difficult", + "modified": "2022-04-06T13:35:43.203Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e", + "type": "relationship", + "created": "2020-12-24T21:55:56.745Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2020-12-24T21:55:56.745Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the list of installed apps.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--57a069a0-399f-43ab-9efc-50432a41b26b", + "created": "2020-12-24T21:55:56.743Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has deleted or renamed specific files.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b", + "created": "2020-09-11T14:54:16.638Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can delete copies of itself if additional APKs are downloaded to external storage.(Citation: Lookout Desert Scorpion)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--022e941f-30c3-45a9-9f6f-36e704b80060", + "created": "2020-04-24T17:46:31.574Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[TrickMo](https://attack.mitre.org/software/S0427) registers for the `SCREEN_ON` and `SMS_DELIVER` intents to perform actions when the device is unlocked and when the device receives an SMS message.(Citation: SecurityIntelligence TrickMo)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e", + "type": "relationship", + "created": "2019-09-23T13:36:08.386Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. 
Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "source_name": "securelist rotexy 2018" + } + ], + "modified": "2019-09-23T13:36:08.386Z", + "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects the device's IMEI and sends it to the command and control server.(Citation: securelist rotexy 2018)", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--35453bbb-c9b3-4421-8452-95efdd290d21", + "type": "relationship", + "created": "2021-01-20T16:01:19.323Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zimperium z9", + "url": "https://blog.zimperium.com/how-zimperiums-z9-detected-unknown-mobile-malware-overlooked-by-the-av-industry/", + "description": "zLabs. (2019, November 12). How Zimperium’s z9 Detected Unknown Mobile Malware Overlooked by the AV Industry . Retrieved January 20, 2021." 
+ } + ], + "modified": "2021-01-20T16:01:19.323Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of running processes.(Citation: Zimperium z9)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0", + "type": "relationship", + "created": "2021-10-01T14:42:48.728Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "modified": "2021-10-01T14:42:48.728Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can send an SMS message after the device boots, messages containing logs, messages to adversary-specified numbers with custom content, and can delete all SMS messages on the device.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--56a255a5-9fa2-45bb-8848-fd0a68514467", + "created": "2022-04-11T20:06:56.034Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-11T20:06:56.034Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d", + "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6a821e14-8247-408b-af37-9cecbba616ec", + "type": "relationship", + "created": "2020-05-07T15:33:32.945Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CheckPoint Agent Smith", + "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." 
+ } + ], + "modified": "2020-05-07T15:33:32.945Z", + "description": "[Agent Smith](https://attack.mitre.org/software/S0440) obtains the device’s application list.(Citation: CheckPoint Agent Smith)", + "relationship_type": "uses", + "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952", + "created": "2020-04-24T17:46:31.564Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can intercept SMS messages.(Citation: SecurityIntelligence TrickMo)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "FireEye-RuMMS", + "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html", + "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[RuMMS](https://attack.mitre.org/software/S0313) uses HTTP for command and control.(Citation: FireEye-RuMMS)", + "modified": "2022-04-19T20:09:40.582Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--df337ad4-c88e-425f-b869-ecac29674bf4", + "type": "relationship", + "created": "2021-03-25T16:39:40.200Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." + } + ], + "modified": "2021-03-25T16:39:40.200Z", + "description": "(Citation: CYBERWARCON CHEMISTGAMES)", + "relationship_type": "uses", + "source_ref": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192", + "target_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea", + "created": "2019-10-18T14:52:53.193Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Device attestation could detect devices with unauthorized or unsafe modifications. 
", + "modified": "2022-03-30T20:07:50.094Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--1250f91c-723d-4b4c-afea-b3a71101951f", + "type": "relationship", + "created": "2019-08-07T15:57:13.415Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Kaspersky Riltok June 2019", + "url": "https://securelist.com/mobile-banker-riltok/91374/", + "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." + } + ], + "modified": "2019-09-15T15:36:42.339Z", + "description": "[Riltok](https://attack.mitre.org/software/S0403) can query the device's IMEI.(Citation: Kaspersky Riltok June 2019)", + "relationship_type": "uses", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--36268322-9f5e-4749-8760-6430178a3d68", + "created": "2020-06-26T14:55:13.311Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. 
Retrieved June 26, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[EventBot](https://attack.mitre.org/software/S0478) can intercept SMS messages.(Citation: Cybereason EventBot)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--289f5e23-088a-4840-a2a6-bab30da2a64b", + "created": "2022-04-01T16:51:04.584Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "GoogleIO2016", + "url": "https://www.youtube.com/watch?v=XZzLjllizYs", + "description": "Adrian Ludwig. (2016, May 19). What's new in Android security (M and N Version). Retrieved December 9, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Changes were introduced in Android 7 to make abuse of device administrator permissions more difficult.(Citation: GoogleIO2016)", + "modified": "2022-04-01T16:51:04.584Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler-SpyNote", + "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. 
Retrieved January 26, 2017.", + "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" + } + ], + "modified": "2019-10-10T15:24:09.248Z", + "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) collects the device's location.(Citation: Zscaler-SpyNote)", + "relationship_type": "uses", + "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5977289e-d38f-4974-912b-2151fc00c850", + "type": "relationship", + "created": "2020-11-20T16:37:28.524Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-11-20T16:37:28.524Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s phone number and IMSI.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081", + "type": "relationship", + "created": "2019-09-04T14:28:16.000Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-09-04T14:32:12.856Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can track the device's location.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--34351abd-1f58-420a-a893-ad822839815d", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "url": 
"https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) captures call logs.(Citation: Lookout-Pegasus)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3", + "created": "2020-07-15T20:20:59.287Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can disable Play Protect.(Citation: Bitdefender Mandrake)", + "modified": "2022-04-15T15:57:54.150Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b", + "type": "relationship", + "created": "2020-07-20T13:27:33.549Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-08-10T21:57:54.524Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record the screen and take screenshots to capture messages from Line, Facebook Messenger, and WhatsApp.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e", + "type": "relationship", + "created": "2020-12-14T14:52:03.310Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." + } + ], + "modified": "2020-12-14T14:52:03.310Z", + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can send SMS messages.(Citation: Sophos Red Alert 2.0)", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0cabc5f9-045e-490c-a97f-efe00dbade86", + "type": "relationship", + "created": "2020-01-27T17:05:58.276Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). 
Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:05:58.276Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record video.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576", + "type": "relationship", + "created": "2020-09-14T14:13:45.294Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout eSurv", + "url": "https://blog.lookout.com/esurv-research", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-14T15:39:17.961Z", + "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version is distributed in three stages: the dropper, the second stage payload, and the third stage payload which is [Exodus](https://attack.mitre.org/software/S0405).(Citation: Lookout eSurv)", + "relationship_type": "uses", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--75770898-93a7-45e3-bdb2-03172004a88f", + "created": "2022-03-30T14:49:47.451Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android-VerifiedBoot", + "url": "https://source.android.com/security/verifiedboot/", + "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ", + "modified": "2022-03-30T14:49:47.451Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", + "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "PaloAlto-Xbot", + "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/", + "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Xbot](https://attack.mitre.org/software/S0298) can remotely lock infected Android devices and ask for a ransom.(Citation: PaloAlto-Xbot)", + "modified": "2022-04-18T19:27:33.225Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", + "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c374c9ce-ff30-4daa-bdec-8015a507746a", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", + "source_name": "Kaspersky-Skygofree" + } + ], + "modified": "2019-08-09T18:08:07.145Z", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) has a capability to obtain files from other installed applications.(Citation: Kaspersky-Skygofree)", + "relationship_type": "uses", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--9d621873-6d3c-4660-be9a-57e2e8648236", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Proofpoint-Marcher", + "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks", + "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Marcher](https://attack.mitre.org/software/S0317) requests Android Device Administrator access.(Citation: Proofpoint-Marcher)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f", + "type": "relationship", + "created": "2020-12-17T20:15:22.445Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "modified": "2020-12-17T20:15:22.445Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s camera.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a", + "type": "relationship", + "created": "2020-12-24T21:55:56.726Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T21:55:56.726Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has downloaded additional code to root devices, such as TowelRoot.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", + "source_name": "Kaspersky-Skygofree" + } + ], + "modified": "2019-08-09T18:08:07.183Z", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) can download executable code from the C2 server after the implant starts or after a specific command.(Citation: Kaspersky-Skygofree)", + "relationship_type": "uses", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--afe9e326-01f7-4296-a11b-09cfffd80120", + "type": "relationship", + "created": "2020-07-27T14:14:56.962Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Security Zen", + "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", + "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." 
+ } + ], + "modified": "2020-08-10T22:18:20.747Z", + "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads and system prompts to create new Google accounts.(Citation: Google Security Zen)", + "relationship_type": "uses", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9e458d77-c856-4b02-82a7-50947b232dc3", + "type": "relationship", + "created": "2021-10-01T14:42:49.183Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "modified": "2021-10-06T15:32:46.533Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download a payload or updates from either its C2 server or email attachments in the adversary’s inbox.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--44da429b-9dee-43c9-9397-445c6f9e647e", + "created": "2022-03-30T19:54:59.651Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android includes system partition integrity mechanisms that could detect unauthorized modifications. ", + "modified": "2022-03-30T19:54:59.651Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0", + "created": "2019-08-07T15:57:13.453Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky Riltok June 2019", + "url": "https://securelist.com/mobile-banker-riltok/91374/", + "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Riltok](https://attack.mitre.org/software/S0403) can open a fake Google Play screen requesting bank card credentials and mimic the screen of relevant mobile banking apps to request user/bank card details.(Citation: Kaspersky Riltok June 2019)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1", + "created": "2022-04-05T19:48:31.354Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T19:48:31.354Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CheckPoint-Charger", + "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. 
Retrieved January 24, 2017.", + "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/" + } + ], + "modified": "2019-10-09T14:51:42.845Z", + "description": "[Charger](https://attack.mitre.org/software/S0323) checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus.(Citation: CheckPoint-Charger)", + "relationship_type": "uses", + "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Gooligan Citation", + "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. 
Retrieved December 12, 2016.", + "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/" + } + ], + "modified": "2019-10-10T15:18:51.121Z", + "description": "[Gooligan](https://attack.mitre.org/software/S0290) steals authentication tokens that can be used to access data from multiple Google applications.(Citation: Gooligan Citation)", + "relationship_type": "uses", + "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab", + "created": "2020-09-11T14:54:16.589Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can be controlled using SMS messages.(Citation: Lookout Desert Scorpion)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56", + "created": "2020-06-26T15:32:25.045Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect SMS messages from a device.(Citation: Threat Fabric Cerberus)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc", + "created": "2022-03-30T19:36:20.304Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be trained on what device administrator permission request prompts look like, and how to avoid granting permissions on phishing popups.", + "modified": "2022-03-30T19:36:20.304Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--084786ee-9384-4a00-9e1b-48f94ea70126", + "created": "2019-09-03T19:45:48.517Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). 
Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can exfiltrate calendar events.(Citation: SWB Exodus March 2019) ", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87", + "type": "relationship", + "created": "2021-01-05T20:16:20.495Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
+ } + ], + "modified": "2021-01-05T20:16:20.495Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect device photos and credentials from other applications.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af", + "type": "relationship", + "created": "2020-04-24T15:06:33.531Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T17:55:55.049Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can take pictures using the camera and can record MP4 files.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54", + "type": "relationship", + "created": "2021-10-01T14:42:48.744Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "modified": "2021-10-01T14:42:48.744Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can record audio.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2", + "type": "relationship", + "created": "2020-09-15T15:18:12.398Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
+ } + ], + "modified": "2020-09-15T15:18:12.398Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device networking information, including phone number, IMEI, and IMSI.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f", + "type": "relationship", + "created": "2019-09-04T15:38:56.799Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CyberMerchants-FlexiSpy", + "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", + "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." + } + ], + "modified": "2019-09-10T14:59:26.138Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record video.(Citation: CyberMerchants-FlexiSpy)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72", + "type": "relationship", + "created": "2020-11-24T17:55:12.900Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. 
(2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." + } + ], + "modified": "2020-11-24T17:55:12.900Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s IMEI, phone number, and country.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1cc71849-142f-4097-9546-7946b0b546a6", + "created": "2020-04-08T15:51:25.125Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "ThreatFabric Ginp", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Ginp](https://attack.mitre.org/software/S0423) can determine if it is running in an emulator.(Citation: ThreatFabric Ginp)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d7aa436a-e66d-4217-be66-4414703dec07", + "type": "relationship", + "created": "2020-11-10T17:08:35.634Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-11-10T17:08:35.634Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used incorrect file extensions and encryption to hide most of its assets, including secondary APKs, configuration files, and JAR or DEX files.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1", + "created": "2019-09-04T15:38:56.809Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CyberMerchants-FlexiSpy", + "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", + "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can delete data from a compromised device.(Citation: CyberMerchants-FlexiSpy)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9c853c22-7607-4cbd-b114-08aaa4625c35", + "type": "relationship", + "created": "2020-12-17T20:15:22.405Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "modified": "2020-12-28T18:47:52.600Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can collect device information and can check if the device is running MIUI on a Xiaomi device.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--049c39ab-c036-457a-9b8f-4318416658b8", + "created": "2022-03-30T19:54:24.468Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "A locked bootloader could prevent unauthorized modifications of protected operating system files. ", + "modified": "2022-03-30T19:55:15.724Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61", + "type": "relationship", + "created": "2020-01-27T17:05:58.201Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-03-26T20:50:07.154Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect local accounts on the device, pictures, bookmarks/histories of the default browser, and files stored on the SD card. [GolfSpy](https://attack.mitre.org/software/S0421) can list image, audio, video, and other files stored on the device. [GolfSpy](https://attack.mitre.org/software/S0421) can copy arbitrary files from the device.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--70fa8498-6117-4e15-ae3c-f53d63996826", + "type": "relationship", + "created": "2020-06-26T15:32:25.050Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T15:32:25.050Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect the device’s location.(Citation: Threat Fabric Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e", + "created": "2020-06-26T15:32:24.921Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Cerberus](https://attack.mitre.org/software/S0480) avoids being analyzed by only activating the malware after recording a certain number of steps from the accelerometer.(Citation: Threat Fabric Cerberus)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184", + "created": "2022-03-30T17:53:56.805Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T17:53:56.805Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "target_ref": "attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b6726136-3c20-4921-a0cb-75a66f59107c", + "type": "relationship", + "created": "2020-09-11T16:22:03.296Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. (2017, February 16). 
ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." + } + ], + "modified": "2020-09-11T16:22:03.296Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect network configuration data from the device, including phone number, SIM operator, and network operator.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--17141729-226d-40d4-928d-ffbd2eed7d11", + "created": "2022-04-05T19:37:16.086Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T19:37:16.086Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--63e67cba-4eae-4495-8897-2610103a0c41", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) exploits iOS vulnerabilities to escalate privileges.(Citation: Lookout-Pegasus)", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59", + "created": "2020-11-24T18:18:33.743Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Exobot](https://attack.mitre.org/software/S0522) has used web injects to capture users’ credentials.(Citation: Threat Fabric Exobot)", + "modified": "2022-04-15T17:39:22.154Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2", + "created": "2020-12-24T22:04:28.027Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has modified or configured proxy information.(Citation: Lookout Uyghur Campaign) ", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--be136fd1-6949-4de6-be37-6d76f8def41a", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" + } + ], + "modified": "2019-10-15T19:37:21.366Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests location data from victims.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8", + "created": "2019-11-21T16:42:48.437Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect SMS messages.(Citation: SecureList - ViceLeaker 2019)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) monitors the connection state and tracks which types of networks the phone is connected to, potentially to determine the bandwidth and ability to send full data across the network.(Citation: Lookout-Pegasus)", + "modified": "2022-04-15T19:47:48.036Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d", + "created": "2019-09-03T20:08:00.760Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos Gustuff Apr 2019", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Gustuff](https://attack.mitre.org/software/S0406) communicates with the command and control server using HTTP requests.(Citation: Talos Gustuff Apr 2019)", + "modified": "2022-04-19T20:18:36.894Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--9398bf9d-be77-4ac2-acea-893152cafd16", + "created": "2022-03-30T14:43:46.034Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T14:43:46.034Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "TrendMicro-RCSAndroid", + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can use SMS for command and control.(Citation: TrendMicro-RCSAndroid)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) uses SMS for command and control.(Citation: Lookout-Pegasus)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6", + "type": "relationship", + "created": "2020-10-29T17:48:27.332Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-10-29T17:48:27.332Z", + "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s IMEI, phone number, and IP address.(Citation: Threat Fabric Exobot) ", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d2749285-47d9-44a4-962f-9215e6fb580e", + "created": "2020-10-29T17:48:27.380Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Exobot](https://attack.mitre.org/software/S0522) can access the device’s contact list.(Citation: Threat Fabric Exobot)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fb3b32a8-6422-4d44-91e3-27a58e569963", + "type": "relationship", + "created": "2019-09-03T19:45:48.494Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-09-11T13:25:19.179Z", + "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take screenshots of any application in the foreground.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", + "source_name": "Kaspersky-Skygofree" + } + ], + "modified": "2019-08-09T18:08:07.144Z", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) has the capability to exploit several known vulnerabilities and escalate privileges.(Citation: Kaspersky-Skygofree)", + "relationship_type": "uses", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cde60121-3d7c-47c8-abeb-582854425599", + "type": "relationship", + "created": "2020-07-20T13:27:33.512Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-08-10T21:57:54.531Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can update the running malware.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9", + "created": "2022-03-28T19:32:05.234Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Application developers should be cautious when selecting third-party libraries to integrate into their application.", + "modified": "2022-03-28T19:32:05.234Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", + "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--55f12292-dc9d-4bfd-9de9-2d07cd67b044", + "type": "relationship", + "created": "2017-10-25T14:48:53.734Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2019-07-29T13:57:09.300Z", + "description": "Android 7.0 and higher includes additional protections against this technique.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--13efc415-5e17-4a16-81c2-64e74815907f", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "PaloAlto-XcodeGhost", + "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/", + "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can prompt a fake alert dialog to phish user credentials.(Citation: PaloAlto-XcodeGhost)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7", + "type": "relationship", + "created": "2019-10-15T19:33:42.204Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Kaspersky-Skygofree", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/" + } + ], + "modified": "2019-10-15T19:33:42.204Z", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) can track the device's location.(Citation: Kaspersky-Skygofree)", + "relationship_type": "uses", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55", + "type": "relationship", + "created": "2020-04-24T17:46:31.603Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T17:46:31.603Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can steal pictures from the device.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6", + "created": "2022-03-30T13:48:43.977Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile security products can typically detect jailbroken or rooted devices. ", + "modified": "2022-03-30T13:48:43.977Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041", + "type": "relationship", + "created": "2017-10-25T14:48:53.742Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2020-06-24T15:08:18.481Z", + "description": "Enterprise policies should prevent enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development).", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": 
"attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3dff770d-9627-4647-b945-7f24a97b2273", + "type": "relationship", + "created": "2019-09-15T15:26:22.926Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2020-06-24T15:02:13.533Z", + "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d716163d-2492-4088-9235-b2310312ba27", + "created": "2022-04-06T15:44:48.422Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:44:48.422Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4", + "created": "2022-04-06T15:28:20.249Z", + 
"x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be instructed to not grant applications unexpected or unnecessary permissions. ", + "modified": "2022-04-06T15:28:20.249Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10", + "type": "relationship", + "created": "2020-06-26T15:32:25.074Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T15:32:25.074Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can update the malicious payload module on command.(Citation: Threat Fabric Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--04530307-22d8-4a06-9056-55eea225fabb", + "type": "relationship", + "created": "2019-07-10T15:35:43.710Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-08-09T18:06:11.842Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves messages and decryption keys for popular messaging applications and other accounts stored on the device.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e", + "type": "relationship", + "created": "2019-09-03T19:45:48.496Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-10-14T16:47:53.226Z", + "description": "[Exodus](https://attack.mitre.org/software/S0405) Two extracts information from Facebook, Facebook Messenger, Gmail, IMO, Skype, Telegram, Viber, WhatsApp, and WeChat.(Citation: SWB Exodus March 2019)", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c", + "created": "2020-09-11T14:54:16.646Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can hide its icon.(Citation: Lookout Desert Scorpion)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8", + "created": "2022-04-05T19:49:59.027Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T19:49:59.027Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Tripwire-MazarBOT", + "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/", + "description": "Graham Cluley. (2016, February 16). Android users warned of malware attack spreading via SMS. Retrieved December 23, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[MazarBOT](https://attack.mitre.org/software/S0303) can send messages to premium-rate numbers.(Citation: Tripwire-MazarBOT)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--fe794ba6-42be-4d42-a16f-a41473874331", + "created": "2022-03-30T15:08:13.679Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android-VerifiedBoot", + "url": "https://source.android.com/security/verifiedboot/", + "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ", + "modified": "2022-03-30T15:08:13.679Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", + "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f", + "type": "relationship", + "created": "2019-09-03T19:45:48.492Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-10-14T17:15:52.637Z", + "description": " [Exodus](https://attack.mitre.org/software/S0405) One queries the device for its IMEI code and the phone number in order to validate the target of a new infection.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8ea39534-6fe9-404c-94b7-0f320af95404", + "created": "2022-04-01T15:17:21.511Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T15:17:21.511Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58", + "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky-WUC", + "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/", + "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used SMS to receive command and control messages.(Citation: Kaspersky-WUC)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--36298fd6-d909-4490-8a04-095aef9ffafe", + "type": "relationship", + "created": "2020-11-20T15:54:07.747Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-11-20T15:54:07.747Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can record audio from the microphone and phone calls.(Citation: Symantec GoldenCup) ", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365", + "created": "2019-09-04T14:28:15.950Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Monokle", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Monokle](https://attack.mitre.org/software/S0407) can delete arbitrary files on the device, and can also uninstall itself and clean up staging files.(Citation: Lookout-Monokle)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--1c180c0e-c789-4176-b568-789ada9487bb", + "type": "relationship", + "created": "2020-10-29T19:21:23.162Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WeLiveSecurity AdDisplayAshas", + "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", + "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-10-29T19:21:23.162Z", + "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can collect information about the device including device type, OS version, language, free storage space, battery status, device root, and if *developer mode* is enabled.(Citation: WeLiveSecurity AdDisplayAshas)", + "relationship_type": "uses", + "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2acc0c1a-af30-4410-976b-31148df5378d", + "created": "2022-03-28T19:39:42.538Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-28T19:39:42.538Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23", + "type": "relationship", + "created": "2020-09-11T14:54:16.566Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. 
Retrieved September 11, 2020." + } + ], + "modified": "2020-09-11T14:54:16.566Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect device metadata and can check if the device is rooted.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3", + "created": "2020-07-20T13:27:33.486Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s contact list.(Citation: Talos-WolfRAT)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016", + "created": "2022-04-15T18:12:53.512Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Xiao-KeyRaider", + "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/", + "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. Retrieved December 12, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Monokle](https://attack.mitre.org/software/S0407/) can install attacker-specified certificates to the device's trusted certificate store, enabling an adversary to perform adversary-in-the-middle attacks.(Citation: Xiao-KeyRaider)", + "modified": "2022-04-15T18:12:53.512Z", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545", + "created": "2019-09-23T13:36:08.429Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Rotexy](https://attack.mitre.org/software/S0411) processes incoming SMS messages by filtering based on phone numbers, keywords, and regular expressions, focusing primarily on banks, payment systems, and mobile network operators. 
[Rotexy](https://attack.mitre.org/software/S0411) can also send a list of all SMS messages on the device to the command and control server.(Citation: securelist rotexy 2018)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7", + "created": "2022-03-31T19:53:01.320Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-31T19:53:01.320Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--51457698-e98b-435a-88c2-75a82cdc2bda", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads call logs.(Citation: Lookout-StealthMango)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2793d721-df10-4621-8387-f3342def59a1", + "created": "2022-03-30T18:14:36.786Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. 
", + "modified": "2022-03-30T18:14:36.786Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--53364899-1ea5-47fa-afde-c210aed64120", + "type": "relationship", + "created": "2019-07-10T15:47:19.659Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-07-16T15:35:21.086Z", + "description": "(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12", + "target_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4586277d-bebd-4717-87c6-a31a9be741ed", + "type": "relationship", + "created": "2020-12-24T21:45:56.982Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). 
Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2020-12-24T21:45:56.982Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) can get file lists on the SD card.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--12d61e7d-7fa6-422d-9817-901decf6b650", + "created": "2019-07-10T15:35:43.663Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pallas](https://attack.mitre.org/software/S0399) uses phishing popups to harvest user credentials.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2", + "created": "2022-03-30T19:12:31.481Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T19:12:31.481Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", + "target_ref": "attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c574251b-93ad-4f55-8b84-2700dfab4622", + "created": "2020-07-15T20:20:59.280Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). 
Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can hide its icon on older Android versions.(Citation: Bitdefender Mandrake)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e", + "created": "2022-03-30T13:45:39.184Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Device attestation can often detect jailbroken or rooted devices.", + "modified": "2022-03-30T13:45:39.184Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341", + "type": "relationship", + "created": "2019-07-16T14:33:12.085Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Triada June 2019", + "url": 
"https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", + "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." + } + ], + "modified": "2020-04-27T16:52:49.480Z", + "description": "[Triada](https://attack.mitre.org/software/S0424) utilizes a backdoor in a Play Store app to install additional trojanized apps from the Command and Control server.(Citation: Google Triada June 2019)", + "relationship_type": "uses", + "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--02e4aedc-0674-4598-948b-0a32758af9ca", + "created": "2022-04-01T13:14:43.195Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T13:14:43.195Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3", + "created": "2020-11-24T17:55:12.830Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . 
Retrieved November 24, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can read SMS messages.(Citation: Talos GPlayed)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306", + "type": "relationship", + "created": "2020-05-07T15:33:32.778Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CheckPoint Agent Smith", + "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." 
+ } + ], + "modified": "2020-05-07T15:33:32.778Z", + "description": "[Agent Smith](https://attack.mitre.org/software/S0440) exploits known OS vulnerabilities, including Janus, to replace legitimate applications with malicious versions.(Citation: CheckPoint Agent Smith)", + "relationship_type": "uses", + "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--30ab9ce7-5369-402a-94ee-f8452642acb9", + "created": "2022-03-30T19:50:37.739Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T19:50:37.739Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--8e27551a-5080-4148-a584-c64348212e4f", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9", + "created": "2020-09-11T14:54:16.649Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect the device’s contact list.(Citation: Lookout Desert Scorpion)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--abf03652-acd0-4361-8a66-f7e70e8e4376", + "created": "2020-06-02T14:32:31.913Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Volexity Insomnia", + "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", + "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) communicates with the C2 server using HTTPS requests.(Citation: Volexity Insomnia)", + "modified": "2022-04-19T20:20:20.149Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--be27a303-5748-4b72-ba69-a328e2f6cc08", + "type": "relationship", + "created": "2020-12-31T18:25:05.177Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
+ } + ], + "modified": "2020-12-31T18:25:05.177Z", + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can download new modules while running.(Citation: CYBERWARCON CHEMISTGAMES)", + "relationship_type": "uses", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e", + "created": "2022-03-30T18:07:07.306Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. ", + "modified": "2022-03-30T18:07:07.306Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3e2474d3-f36d-4193-92f6-273296befdd3", + "created": "2022-04-05T19:38:18.760Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should protect their account credentials and enable multi-factor authentication options when available. 
", + "modified": "2022-04-05T19:38:18.760Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc", + "created": "2020-04-08T15:41:19.400Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Anubis](https://attack.mitre.org/software/S0422) can modify administrator settings and disable Play Protect.(Citation: Cofense Anubis)", + "modified": "2022-04-15T15:49:01.417Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--fb62afa9-d593-44f8-840d-bd5c595a1228", + "created": "2022-04-01T18:44:46.780Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.", + "modified": "2022-04-01T18:44:46.780Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7258542e-029b-45b9-be69-6e76d9c93b35", + "created": "2020-09-14T13:35:45.886Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "ESET-Twitoor", + "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/", + "description": 
"ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Twitoor](https://attack.mitre.org/software/S0302) can hide its presence on the system.(Citation: ESET-Twitoor)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5a277966-4559-487e-bdfb-7be6366ccdb6", + "type": "relationship", + "created": "2019-09-03T19:45:48.508Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-09-11T13:25:19.114Z", + "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take pictures with the device cameras.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817", + "created": "2019-09-20T18:03:57.062Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Android 10 Execute", + "url": "https://developer.android.com/about/versions/10/behavior-changes-all#execute-permission", + "description": "Android Developers. (n.d.). Behavior changes: all apps - Removed execute permission for app home directory. Retrieved September 20, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Applications that target Android API level 29 or higher cannot execute native code stored in the application's internal data storage directory, limiting the ability of applications to download and execute native code at runtime. 
(Citation: Android 10 Execute)", + "modified": "2022-04-01T18:37:44.516Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396", + "type": "relationship", + "created": "2020-12-14T15:02:35.304Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Securelist Asacub", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." + } + ], + "modified": "2020-12-14T15:02:35.304Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) has stored encrypted strings in the APK file.(Citation: Securelist Asacub)", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2", + "created": "2020-04-24T17:46:31.589Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). 
TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[TrickMo](https://attack.mitre.org/software/S0427) communicates with the C2 by sending JSON objects over unencrypted HTTP requests.(Citation: SecurityIntelligence TrickMo)", + "modified": "2022-04-19T20:05:42.315Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--71490fdb-e271-4a67-b932-5288924b1dae", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "PaloAlto-DualToy", + "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. 
Retrieved January 24, 2017.", + "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[DualToy](https://attack.mitre.org/software/S0315) collects the connected iOS device’s information including IMEI, IMSI, ICCID, serial number and phone number.(Citation: PaloAlto-DualToy)", + "relationship_type": "uses", + "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a1fac829-275a-409a-9060-e7bd7c63057e", + "type": "relationship", + "created": "2020-12-18T20:14:47.375Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
+ } + ], + "modified": "2020-12-18T20:14:47.375Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can obtain a list of installed apps.(Citation: WhiteOps TERRACOTTA)", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" + } + ], + "modified": "2019-08-09T17:56:05.682Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record phone calls and surrounding audio.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d", + "created": "2020-12-17T20:15:22.496Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s contact list.(Citation: Palo Alto HenBox)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112", + "created": "2022-04-05T19:59:03.285Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T19:59:03.285Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", + "target_ref": "attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9", + "created": "2020-07-20T13:27:33.509Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s call log.(Citation: Talos-WolfRAT)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8", + "type": "relationship", + "created": "2020-04-24T17:46:31.613Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T17:46:31.613Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can inject input to set itself as the default SMS handler, and to automatically click through pop-ups without giving the user any time to react.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a20581b4-21fa-4ed9-b056-d139998868e8", + "created": "2019-09-04T14:28:15.970Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Monokle", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the device's contact list.(Citation: Lookout-Monokle)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60", + "created": "2020-11-24T17:55:12.828Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can access the device’s contact list.(Citation: Talos GPlayed)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2", + "created": "2022-04-01T15:13:55.124Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be instructed to not open links in applications they don’t recognize.", + "modified": "2022-04-01T15:13:55.124Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb", + "created": "2020-11-10T17:08:35.846Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). 
Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used specially crafted SMS messages to control the target device.(Citation: Lookout Uyghur Campaign) ", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--268c12df-d3bc-46fa-99e9-32caab50b175", + "created": "2022-03-30T15:52:09.759Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Device attestation can often detect jailbroken or rooted devices.", + "modified": "2022-03-30T15:52:09.759Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "url": 
"https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads SMS messages.(Citation: Lookout-StealthMango)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c", + "created": "2019-08-09T18:02:06.688Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler-SuperMarioRun", + "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat", + "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[DroidJack](https://attack.mitre.org/software/S0320) can capture video using device cameras.(Citation: Zscaler-SuperMarioRun)", + "modified": "2022-05-20T17:13:16.507Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d3e06522-2a30-4d56-801e-9461178b80ce", + "created": "2021-01-05T20:16:20.412Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can hide its icon after launch.(Citation: Zscaler TikTok Spyware)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d", + "created": "2020-07-15T20:20:59.380Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used Firebase for C2.(Citation: Bitdefender Mandrake)", + "modified": "2022-04-18T19:18:24.378Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544", + "created": "2022-04-05T19:40:25.071Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T19:40:25.071Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a", + "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff", + "type": "relationship", + "created": "2019-09-04T14:28:16.478Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-10-14T17:52:48.001Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can record the screen as the user unlocks the device and can take screenshots of any application in the foreground. [Monokle](https://attack.mitre.org/software/S0407) can also abuse accessibility features to read the screen to capture data from a large number of popular applications.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--96298aed-9e9f-4836-b29b-04c88e79e53e", + "created": "2022-04-01T18:42:37.987Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates often contain patches for vulnerabilities that could be exploited for root access. 
Root access is often a requirement to impairing defenses.", + "modified": "2022-04-01T18:42:37.987Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Tripwire-MazarBOT", + "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/", + "description": "Graham Cluley. (2016, February 16). Android users warned of malware attack spreading via SMS. Retrieved December 23, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[MazarBOT](https://attack.mitre.org/software/S0303) can intercept two-factor authentication codes sent by online banking apps.(Citation: Tripwire-MazarBOT)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a", + "type": "relationship", + "created": "2020-11-10T17:08:35.713Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-11-10T17:08:35.713Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can collect notes and data from the MiCode app.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1", + "created": "2020-07-20T13:27:33.514Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can delete files from the device.(Citation: Talos-WolfRAT)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d", + "created": "2022-03-30T20:13:40.625Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be shown what a synthetic activity looks like so they can scrutinize them in the future.", + "modified": "2022-03-30T20:13:40.625Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--22290cce-856a-46d5-9589-699f5dfc1429", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-XLoader", + "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. 
Retrieved July 6, 2018.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/" + } + ], + "modified": "2020-07-20T13:49:03.687Z", + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) covertly records phone calls.(Citation: TrendMicro-XLoader)", + "relationship_type": "uses", + "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f", + "created": "2019-11-21T19:16:34.776Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CheckPoint SimBad 2019", + "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/", + "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SimBad](https://attack.mitre.org/software/S0419) registers for the `BOOT_COMPLETED` and `USER_PRESENT` broadcast intents, which allows the software to perform actions after the device is booted and when the user is using the device, respectively.(Citation: CheckPoint SimBad 2019)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "ArsTechnica-HummingWhale", + "url": "http://arstechnica.com/security/2017/01/virulent-android-malware-returns-gets-2-million-downloads-on-google-play/", + "description": "Dan Goodin. (2017, January 23). Virulent Android malware returns, gets >2 million downloads on Google Play. Retrieved January 24, 2017." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[HummingWhale](https://attack.mitre.org/software/S0321) generates revenue by displaying fraudulent ads and automatically installing apps. 
When victims try to close the ads, [HummingWhale](https://attack.mitre.org/software/S0321) runs in a virtual machine, creating a fake ID that allows the perpetrators to generate revenue.(Citation: ArsTechnica-HummingWhale)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + } + ], + "modified": "2019-08-09T17:52:31.748Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) checks if the device is on Wi-Fi, a cellular network, and is roaming.(Citation: Lookout-PegasusAndroid)", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea", + "created": "2022-03-30T19:32:43.015Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Attestation can detect rooted devices. Mobile security software can then use this information and take appropriate mitigation action. 
Attestation can detect rooted devices.", + "modified": "2022-03-30T19:32:43.015Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fc816ddc-199d-47b0-93af-c81305d0919f", + "type": "relationship", + "created": "2020-06-02T14:32:31.767Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Volexity Insomnia", + "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", + "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." 
+ } + ], + "modified": "2020-06-02T14:32:31.767Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has utilized malicious JavaScript and iframes to exploit WebKit running on vulnerable iOS 12 devices.(Citation: Volexity Insomnia)", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a", + "created": "2020-11-20T16:37:28.475Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s contact list.(Citation: Symantec GoldenCup)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cce82a76-5390-473d-9e7c-9450d1509d1d", + "type": "relationship", + "created": "2020-07-15T20:20:59.314Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + } + ], + "modified": "2020-07-15T20:20:59.314Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can download its second (Loader) and third (Core) stages after the dropper is installed.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -28794,22 +19663,22 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--4761145d-34ac-4b45-a0d6-a09b1907a196", + "id": "relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674", "type": "relationship", - "created": "2020-12-18T20:14:47.367Z", + "created": "2020-12-24T22:04:28.025Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
} ], - "modified": "2020-12-18T20:14:47.367Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can inject clicks to launch applications, share posts on social media, and interact with WebViews to perform fraudulent actions.(Citation: WhiteOps TERRACOTTA)", + "modified": "2020-12-24T22:04:28.025Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has retrieved .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files from external storage.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -28817,21 +19686,554 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--98b14660-79e1-4244-99c2-3dedd84eb68d", "type": "relationship", - "created": "2020-09-11T14:54:16.582Z", + "id": "relationship--b536f233-8c43-4671-b8e8-d72a4806946d", + "created": "2022-04-05T17:14:23.789Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T17:14:23.789Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80", + "created": "2022-03-30T19:33:05.375Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates typically provide patches for vulnerabilities that enable device rooting.", + "modified": "2022-03-30T19:33:05.375Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6a715733-cde6-4903-b967-35562b584c6f", + "type": "relationship", + "created": "2020-06-02T14:32:31.878Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", 
"external_references": [ { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." + "source_name": "Google Project Zero Insomnia", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", + "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." } ], - "modified": "2020-09-11T14:54:16.582Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can track the device’s location.(Citation: Lookout Desert Scorpion)", + "modified": "2020-06-02T14:32:31.878Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can obtain a list of installed non-Apple applications.(Citation: Google Project Zero Insomnia)", "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3", + "type": "relationship", + "created": "2020-05-04T14:04:56.189Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Bread", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", + "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." 
+ } + ], + "modified": "2020-05-04T15:40:21.081Z", + "description": "[Bread](https://attack.mitre.org/software/S0432) collects the device’s IMEI, carrier, mobile country code, and mobile network code.(Citation: Google Bread)", + "relationship_type": "uses", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--41da5845-a1a8-4d10-8929-053be3496396", + "created": "2022-04-20T17:46:43.542Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." + }, + { + "source_name": "Bitdefender - Triout 2018", + "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", + "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) uses HTTP data exfiltration.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", + "modified": "2022-04-20T17:46:43.542Z", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556", + "created": "2019-09-04T15:38:56.678Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "FlexiSpy-Features", + "url": "https://www.flexispy.com/en/features-overview.htm", + "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." + }, + { + "source_name": "FortiGuard-FlexiSpy", + "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", + "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) is capable of hiding SuperSU's icon if it is installed and visible.(Citation: FortiGuard-FlexiSpy) [FlexiSpy](https://attack.mitre.org/software/S0408) can also hide its own icon to make detection and the uninstallation process more difficult.(Citation: FlexiSpy-Features)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19", + "created": "2020-09-24T15:26:15.607Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "TrendMicro-XLoader-FakeSpy", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", + "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) has exfiltrated data using HTTP requests.(Citation: TrendMicro-XLoader-FakeSpy)", + "modified": "2022-04-20T17:48:38.013Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--adc9957c-fa57-4e81-9231-b60f01b69859", + "type": "relationship", + "created": "2020-12-24T22:04:28.010Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T22:04:28.010Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) can download new code to update itself.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788", + "created": "2020-05-07T15:33:32.903Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CheckPoint Agent Smith", + "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Agent Smith](https://attack.mitre.org/software/S0440) deletes infected applications’ update packages when they are detected on the system, preventing updates.(Citation: CheckPoint Agent Smith)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "PaloAlto-SpyDealer", + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests SMS and MMS messages from victims.(Citation: PaloAlto-SpyDealer)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d", + "type": "relationship", + "created": "2020-01-21T15:30:39.335Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Monokle", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
+ } + ], + "modified": "2020-01-21T15:30:39.335Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can download attacker-specified files.(Citation: Lookout-Monokle) ", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d", + "type": "relationship", + "created": "2020-10-29T19:21:23.235Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WeLiveSecurity AdDisplayAshas", + "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", + "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." + } + ], + "modified": "2020-10-29T19:21:23.235Z", + "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has hidden the C2 server address using base-64 encoding. 
(Citation: WeLiveSecurity AdDisplayAshas)", + "relationship_type": "uses", + "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--146275c0-b6dd-4700-bded-bc361a67d023", + "type": "relationship", + "created": "2020-09-14T14:13:45.253Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout eSurv", + "url": "https://blog.lookout.com/esurv-research", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." + } + ], + "modified": "2020-09-14T14:13:45.253Z", + "description": "[eSurv](https://attack.mitre.org/software/S0507) can record audio.(Citation: Lookout eSurv)", + "relationship_type": "uses", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9", + "created": "2022-04-01T13:19:41.207Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T13:19:41.207Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", 
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68", + "type": "relationship", + "created": "2020-12-24T21:45:56.979Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2021-04-19T14:29:46.650Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) can retrieve files from external storage and can collect browser data.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0c558826-5cea-422e-8e67-83e53c04d409", + "created": "2020-06-26T15:32:25.146Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CheckPoint Cerberus", + "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/", + "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 using HTTP requests over port 8888.(Citation: CheckPoint Cerberus)", + "modified": "2022-04-20T16:37:46.192Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38", + "created": "2022-04-01T18:43:25.764Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.", + "modified": "2022-04-01T18:43:25.764Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", + "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) modifies the system partition to maintain persistence.(Citation: Lookout-Pegasus)", + "modified": "2022-04-15T16:01:53.756Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--142532a6-bf7c-4b25-be23-16f01160f3c5", + "type": "relationship", + "created": "2020-09-15T15:18:12.417Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
+ } + ], + "modified": "2020-09-15T15:18:12.417Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect account information stored on the device, as well as data in external storage.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53", + "type": "relationship", + "created": "2020-07-15T20:20:59.318Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + } + ], + "modified": "2020-07-15T20:20:59.318Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) uses foreground persistence to keep a service running. 
It shows the user a transparent notification to evade detection.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--afba6b19-7486-4e5a-8fda-e91852b0b354", + "type": "relationship", + "created": "2021-09-20T13:42:21.104Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2021-09-27T18:05:43.107Z", + "description": "Users should be encouraged to be very careful with what applications they grant phone call-based permissions to. Further, users should not change their default call handler to applications they do not recognize.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4088b31b-d542-4935-84b4-82b592159591", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", + "source_name": "TrendMicro-RCSAndroid" + } + ], + "modified": "2019-10-10T15:22:52.591Z", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect contacts and messages from popular applications, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.(Citation: TrendMicro-RCSAndroid)", + "relationship_type": "uses", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c", + "created": "2017-10-25T14:48:53.747Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 7 and later iOS versions introduced changes that prevent applications from performing Process Discovery without elevated privileges. 
", + "modified": "2022-03-30T20:32:46.334Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84", + "type": "relationship", + "created": "2019-07-10T15:35:43.708Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-08-09T18:06:11.797Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -28841,24 +20243,24 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--5e95ca90-bf75-4031-a28f-f8565c02185c", - "created": "2020-11-24T17:55:12.883Z", + "id": "relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3", + "created": "2020-12-18T20:14:47.316Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can lock the user out of the device by showing a persistent overlay.(Citation: Talos GPlayed)", - "modified": "2022-04-18T19:24:55.357Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) checks whether its call stack has been modified, an indication that it is running in an analysis environment, and if so, does not decrypt its obfuscated strings(Citation: WhiteOps TERRACOTTA).", + "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
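Review bot: The new `description` places the citation marker before the closing period (`…obfuscated strings(Citation: WhiteOps TERRACOTTA).`), whereas the neighbouring descriptions end the sentence first and then append the marker. Tooling that strips or links `(Citation: …)` markers at the end of a sentence would leave a stray period or miss the reference here. I would write the tail as `…does not decrypt its obfuscated strings.(Citation: WhiteOps TERRACOTTA)`.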
@@ -28866,10 +20268,29 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0", "type": "relationship", - "created": "2020-12-24T21:55:56.692Z", + "id": "relationship--300c824d-5586-411b-b274-8941a99a98fb", + "created": "2022-03-30T14:06:01.859Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Device attestation can often detect jailbroken or rooted devices.", + "modified": "2022-03-30T14:06:01.859Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a54c8c09-c849-4146-a7cc-158887222a6d", + "created": "2020-12-24T21:45:56.969Z", + "x_mitre_version": "1.0", "external_references": [ { "source_name": "Lookout Uyghur Campaign", 
@@ -28877,10 +20298,206 @@ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." } ], - "modified": "2020-12-24T21:55:56.692Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has searched for specific existing data directories, including the Gmail app, Dropbox app, Pictures, and thumbnails.(Citation: Lookout Uyghur Campaign)", + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access SMS messages.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451", + "type": "relationship", + "created": "2019-10-10T15:03:27.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-10-10T15:03:27.682Z", + "description": "[Exodus](https://attack.mitre.org/software/S0405) One encrypts data using XOR prior to exfiltration.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781", + "type": "relationship", + "created": "2020-04-24T15:06:33.503Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T15:06:33.503Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can record MP4 files and monitor calls.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--59d463d3-3a41-4269-be9a-7a69f44eca78", + "created": "2020-10-29T19:21:23.215Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "WeLiveSecurity AdDisplayAshas", + "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", + "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has communicated with the C2 server using HTTP.(Citation: WeLiveSecurity AdDisplayAshas)", + "modified": "2022-04-19T20:11:03.972Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cbf17fea-141e-44b8-831c-b3cc41066420", + "type": "relationship", + "created": "2021-01-20T16:01:19.409Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Trend Micro Anubis", + "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html", + "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021." 
+ } + ], + "modified": "2021-01-20T16:01:19.409Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can download attacker-specified APK files.(Citation: Trend Micro Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bf901bab-3caa-4d05-a859-d9fb4d838304", + "type": "relationship", + "created": "2019-10-10T15:27:22.091Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2019-10-10T15:27:22.091Z", + "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses browser history, pictures, and videos.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56", + "created": "2019-09-03T20:08:00.737Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos Gustuff Apr 2019", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "description": "Vitor Ventura. (2019, April 9). 
Gustuff banking botnet targets Australia . Retrieved September 3, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Gustuff](https://attack.mitre.org/software/S0406) abuses accessibility features to intercept all interactions between a user and the device.(Citation: Talos Gustuff Apr 2019)", + "modified": "2022-04-15T17:39:08.123Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c", + "created": "2021-01-05T20:16:20.508Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect the device’s call logs.(Citation: Zscaler TikTok Spyware)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd", + "type": "relationship", + "created": "2020-09-11T14:54:16.644Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." + } + ], + "modified": "2020-09-11T14:54:16.644Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can list files stored on external storage.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -28889,25 +20506,71 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--078653a6-3613-4923-ae5a-1bccb8552e67", "type": "relationship", - "id": "relationship--718a612e-50c5-40ab-9081-b88cefeafcb6", - "created": "2021-04-26T15:33:55.905Z", + "created": "2020-09-11T16:22:03.250Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." + } + ], + "modified": "2020-09-11T16:22:03.250Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) has been installed in two stages and can secretly install new applications.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9", + "type": "relationship", + "created": "2020-12-24T21:55:56.753Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T21:55:56.753Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploit tools to gain root, such as TowelRoot.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9", + "created": "2021-10-01T14:42:49.170Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "CitizenLab Circles", - "url": "https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/", - "description": "Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and Ron Deibert. (2020, December 1). Running in Circles Uncovering the Clients of Cyberespionage Firm Circles. Retrieved December 23, 2020." + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
} ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Circles](https://attack.mitre.org/software/S0602) can track the location of mobile devices.(Citation: CitizenLab Circles)", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can hide its icon.(Citation: SecureList BusyGasper)", "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24", - "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -28915,25 +20578,914 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451", + "type": "relationship", + "id": "relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads contact lists for various third-party applications such as Yahoo, AIM, GoogleTalk, Skype, QQ, and others.(Citation: Lookout-StealthMango)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bee919a6-c488-49a0-9848-fff19aa2c276", + "type": "relationship", + "created": "2021-09-24T14:47:34.449Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2021-10-04T20:08:48.556Z", + "description": "Mobile security products can often detect rooted devices.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + 
"object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f5d24a31-53d2-4e84-9110-2da0582132cb", + "created": "2020-05-07T15:33:32.936Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CheckPoint Agent Smith", + "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Agent Smith](https://attack.mitre.org/software/S0440)’s core malware is disguised as a JPG file, and encrypted with an XOR cipher.(Citation: CheckPoint Agent Smith)", + "modified": "2022-04-15T16:44:17.145Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", + "target_ref": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--da4296d7-5fdb-45b6-9791-b023d634c08d", "type": "relationship", "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "FireEye-RuMMS", - "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. 
Retrieved February 6, 2017.", - "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html" + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.", + "source_name": "TrendMicro-RCSAndroid" + } + ], + "modified": "2019-08-09T17:53:48.760Z", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record location.(Citation: TrendMicro-RCSAndroid)", + "relationship_type": "uses", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "PaloAlto-XcodeGhost", + "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. 
Retrieved December 21, 2016.", + "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/" } ], "modified": "2018-10-17T00:14:20.652Z", - "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers device model and operating system version information and transmits it to a command and control server.(Citation: FireEye-RuMMS)", + "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can read and write data in the user’s clipboard.(Citation: PaloAlto-XcodeGhost)", "relationship_type": "uses", - "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", + "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9", + "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213", + "created": "2022-04-20T17:31:58.697Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) has exfiltrated data using FTP.(Citation: TrendMicro Coronavirus Updates)", + "modified": "2022-04-20T17:31:58.697Z", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler-SuperMarioRun", + "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat", + "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures SMS data.(Citation: Zscaler-SuperMarioRun)", + "modified": "2022-05-20T17:13:16.509Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6", + "type": "relationship", + "created": "2020-07-15T20:20:59.296Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "modified": "2020-07-15T20:20:59.296Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect the device’s location.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223", + "type": "relationship", + "created": "2020-11-20T16:37:28.610Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." + } + ], + "modified": "2020-11-20T16:37:28.610Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has been distributed in two stages.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d4a5a902-231e-4878-ad5b-39620498b018", + "type": "relationship", + "created": "2019-09-04T14:28:15.941Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). 
Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-09-04T14:32:12.589Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can record audio from the device's microphone and can record phone calls, specifying the output audio quality.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--242dc659-c205-4e9e-95f9-14fee66195af", + "created": "2022-04-01T15:29:36.082Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Configuration of per-app VPN policies instead of device-wide VPN can restrict access to internal enterprise resource access via VPN to only enterprise-approved applications", + "modified": "2022-04-01T15:29:36.082Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--77efa84c-5ef0-4554-b774-2dbfcca74087", + "type": "relationship", + "created": "2020-10-29T19:20:58.116Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + 
"external_references": [ + { + "source_name": "WeLiveSecurity AdDisplayAshas", + "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", + "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." + } + ], + "modified": "2020-10-29T19:20:58.116Z", + "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has checked to see how many apps are installed, and specifically if Facebook or FB Messenger are installed.(Citation: WeLiveSecurity AdDisplayAshas)", + "relationship_type": "uses", + "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2", + "created": "2022-04-08T16:29:55.322Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-08T16:29:55.322Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6", + "target_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69", + "created": "2019-10-14T19:14:18.673Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Group IB Gustuff Mar 2019", + "url": 
"https://www.group-ib.com/blog/gustuff", + "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. Retrieved September 3, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Gustuff](https://attack.mitre.org/software/S0406) hides its icon after installation.(Citation: Group IB Gustuff Mar 2019) ", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15", + "type": "relationship", + "created": "2020-04-24T15:06:33.319Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T15:06:33.319Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect voice notes, device accounts, and gallery images.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--22708018-defd-4690-8b0f-fe47e11cb5d6", + "type": "relationship", + "created": "2020-07-15T20:20:59.316Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "modified": "2020-07-15T20:20:59.316Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can capture all device notifications and hide notifications from the user.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a", + "created": "2020-07-27T14:14:56.996Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Security Zen", + "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", + "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Zen](https://attack.mitre.org/software/S0494) can inject code into the Setup Wizard at runtime to extract CAPTCHA images. 
[Zen](https://attack.mitre.org/software/S0494) can inject code into the `libc` of running processes to infect them with the malware.(Citation: Google Security Zen)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7c6207c7-d738-4a17-8380-595c86574b64", + "type": "relationship", + "created": "2020-09-11T16:22:03.298Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T16:22:03.298Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can track the device’s location.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--be39c012-7201-4757-8cd6-c855bc945a9e", + "type": "relationship", + "created": "2019-07-10T15:25:57.623Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + } + ], + "modified": "2019-08-12T17:30:07.568Z", + "description": "[FinFisher](https://attack.mitre.org/software/S0182) comes packaged with ExynosAbuse, an Android exploit that can gain root privileges.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f", + "created": "2022-04-01T18:49:19.284Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Recent versions of Android modified how device administrator 
applications are uninstalled, making it easier for the user to remove them. Android 7 introduced updates that revoke standard device administrators’ ability to reset the device’s passcode.", + "modified": "2022-04-01T18:49:19.284Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd", + "type": "relationship", + "created": "2019-07-10T15:35:43.699Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-08-09T18:06:11.839Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) captures audio from the device microphone.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cc49561f-8364-4908-9111-ad3a6dcd922c", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2018-10-17T00:14:20.652Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--32958f57-ad9b-4fe1-abf3-6f92df895014", + "type": "relationship", + "created": "2019-08-05T13:22:03.917Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-08-09T18:06:11.873Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) stores domain information and URL paths as hardcoded AES-encrypted, base64-encoded strings.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to modify the device's system partition.(Citation: Lookout-PegasusAndroid)", + "modified": "2022-04-15T16:03:04.364Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--cc81b56c-cf73-4307-b950-e80246985195", + "created": "2019-10-18T14:50:57.473Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "OS security updates typically contain exploit patches when disclosed.", + "modified": "2022-03-28T19:20:44.337Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530", + "type": "relationship", + "created": "2020-01-27T17:05:58.213Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:05:58.213Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of installed applications.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "TrendMicro-RCSAndroid", + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect SMS, MMS, and Gmail messages.(Citation: TrendMicro-RCSAndroid)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3abc80ad-4ea0-4e91-a170-f040469c2083", + "type": "relationship", + "created": "2020-07-20T13:27:33.483Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-08-10T21:57:54.688Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can take photos and videos.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2e7f8995-93ae-41bb-9baf-53178341d93e", + "created": "2021-02-08T16:36:20.630Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has deployed anti-analysis capabilities during their Operation BULL campaign.(Citation: BlackBerry Bahamut)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-BrainTest", + "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/", + "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[BrainTest](https://attack.mitre.org/software/S0293) provided capabilities that allowed developers to use compromised devices to post positive reviews on their own malicious applications as well as download other malicious applications they had submitted to the Play Store.(Citation: Lookout-BrainTest)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac", + "type": "relationship", + "created": "2020-01-27T17:05:58.237Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:05:58.237Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s battery level, network operator, connection information, sensor information, and information about the device’s storage and memory.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--45253350-c802-4566-a72d-57d43d05fd63", + "type": "relationship", + "created": "2020-05-07T15:24:49.530Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2020-05-27T13:23:34.536Z", + "description": "Security updates frequently contain patches to vulnerabilities.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a92a805e-d5f5-4e94-8592-c253e03e4476", + "created": "2022-03-31T19:51:15.415Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android Package Visibility", + "url": "https://developer.android.com/training/package-visibility", + "description": "Google. (n.d.). 
Package visibility filtering on Android. Retrieved April 11, 2022." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)", + "modified": "2022-04-11T19:19:34.658Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6", + "type": "relationship", + "created": "2019-11-21T16:42:48.501Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "source_name": "SecureList - ViceLeaker 2019" + }, + { + "source_name": "Bitdefender - Triout 2018", + "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", + "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." 
+ } + ], + "modified": "2020-01-21T14:20:50.492Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect location information, including GPS coordinates.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645", + "type": "relationship", + "created": "2021-02-08T16:36:20.655Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "modified": "2021-05-24T13:16:56.410Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included phone call and audio recording capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c", + "type": "relationship", + "created": "2019-09-04T15:38:56.946Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "FlexiSpy-Features", + "url": "https://www.flexispy.com/en/features-overview.htm", + "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." 
+ } + ], + "modified": "2019-09-10T14:59:26.136Z", + "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can retrieve a list of installed applications.(Citation: FlexiSpy-Features) ", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046", + "created": "2022-04-05T17:14:35.469Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T17:14:35.469Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4", + "created": "2022-03-28T19:30:27.364Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates may contain patches to integrity checking mechanisms that can detect unauthorized hardware modifications.", + "modified": "2022-03-28T19:30:27.364Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://www.wandera.com/reddrop-malware/", + "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.", + "source_name": "Wandera-RedDrop" + } + ], + "modified": "2019-10-15T19:27:27.997Z", + "description": "[RedDrop](https://attack.mitre.org/software/S0326) collects and exfiltrates information including IMEI, IMSI, MNC, MCC, nearby Wi-Fi networks, and other device and SIM-related info.(Citation: Wandera-RedDrop)", + "relationship_type": "uses", + "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f6a451e8-2125-4bbe-be52-e682523cd169", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" + } + ], + "modified": "2019-10-15T19:37:21.273Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests the device phone number, IMEI, and IMSI.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -28965,23 +21517,42 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024", - "created": "2022-04-15T18:11:06.097Z", - "x_mitre_version": "0.1", + "id": "relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443", + "created": "2020-07-20T13:49:03.676Z", + "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Skycure-Profiles", - "url": "https://www.skycure.com/blog/malicious-profiles-the-sleeping-giant-of-ios-security/", - "description": "Yair Amit. (2013, March 12). Malicious Profiles - The Sleeping Giant of iOS Security. Retrieved December 22, 2016." + "source_name": "TrendMicro-XLoader-FakeSpy", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", + "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
} ], "x_mitre_deprecated": false, "revoked": false, - "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288/) samples hook SSLRead and SSLWrite functions in the itunesstored process to intercept device communication with the Apple App Store.(Citation: Skycure-Profiles)", - "modified": "2022-04-15T18:11:06.097Z", + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) has fetched its C2 address from encoded Twitter names, as well as Instagram and Tumblr.(Citation: TrendMicro-XLoader-FakeSpy)", + "modified": "2022-04-20T17:58:16.567Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", + "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--e8768455-4d0c-4e3c-a901-1fc871227745", + "created": "2022-03-30T17:54:56.603Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T17:54:56.603Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -28990,68 +21561,22 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--6b41d649-bcd0-4427-baa1-15a145bace6e", + "id": "relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3", "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", + "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" + "source_name": "NYTimes-BackDoor", + "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017.", + "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html" } ], - "modified": "2019-08-09T17:56:05.642Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) downloads and executes root exploits from a remote server.(Citation: PaloAlto-SpyDealer)", + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted location information.(Citation: NYTimes-BackDoor)", "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4", - "type": "relationship", - "created": "2019-09-03T19:45:48.485Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." - } - ], - "modified": "2019-09-11T13:25:19.117Z", - "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can obtain a list of installed applications.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e7af5be1-721f-40c5-b647-659243a0a14b", - "type": "relationship", - "created": "2020-04-08T15:41:19.321Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "modified": "2021-09-20T13:50:02.057Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can record phone calls and audio.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -29060,23 +21585,23 @@
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
 "type": "relationship",
- "id": "relationship--82f51cc6-6ce4-459e-b598-7b2b77983469",
- "created": "2020-04-24T15:06:33.526Z",
+ "id": "relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39",
+ "created": "2020-12-14T15:02:35.294Z",
 "x_mitre_version": "1.0",
 "external_references": [
 {
- "source_name": "TrendMicro Coronavirus Updates",
- "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/",
- "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
+ "source_name": "Securelist Asacub",
+ "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/",
+ "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020."
 }
 ],
 "x_mitre_deprecated": false,
 "revoked": false,
- "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect SMS messages.(Citation: TrendMicro Coronavirus Updates)",
+ "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect SMS messages as they are received.(Citation: Securelist Asacub)",
 "modified": "2022-04-12T10:01:44.682Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "relationship_type": "uses",
- "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+ "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
 "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
 "x_mitre_attack_spec_version": "2.1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -29086,50 +21611,24 @@
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
 "type": "relationship",
- "id": "relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b",
- "created": "2017-12-14T16:46:06.044Z",
+ "id": "relationship--455b1287-5784-42b4-91fb-01dac007758d",
+ "created": "2020-09-29T13:24:15.234Z",
 "x_mitre_version": "1.0",
 "external_references": [
 {
- "source_name": "Gooligan Citation",
- "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/",
- "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016."
+ "source_name": "Lookout-Dendroid",
+ "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/",
+ "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016."
 }
 ],
 "x_mitre_deprecated": false,
 "revoked": false,
- "description": "[Gooligan](https://attack.mitre.org/software/S0290) can install adware to generate revenue.(Citation: Gooligan Citation)",
- "modified": "2022-04-19T14:25:41.669Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "relationship_type": "uses",
- "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de",
- "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "type": "relationship",
- "id": "relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b",
- "created": "2020-11-24T18:18:33.772Z",
- "x_mitre_version": "1.0",
- "external_references": [
- {
- "source_name": "Threat Fabric Exobot",
- "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
- "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
- }
- ],
- "x_mitre_deprecated": false,
- "revoked": false,
- "description": "[Exobot](https://attack.mitre.org/software/S0522) can request device administrator permissions.(Citation: Threat Fabric Exobot)",
+ "description": "[Dendroid](https://attack.mitre.org/software/S0301) can open a dialog box to ask the user for passwords.(Citation: Lookout-Dendroid)",
 "modified": "2022-04-12T10:01:44.682Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "relationship_type": "uses",
- "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
- "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+ "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+ "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
 "x_mitre_attack_spec_version": "2.1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
@@ -29137,441 +21636,9 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a", + "id": "relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e", "type": "relationship", - "created": "2019-08-09T17:53:48.716Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.", - "source_name": "TrendMicro-RCSAndroid" - } - ], - "modified": "2019-08-09T17:53:48.716Z", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can capture photos using the front and back cameras.(Citation: TrendMicro-RCSAndroid)", - "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0993769f-63fb-4720-bbcf-e6f37f71515e", - "type": "relationship", - "created": "2020-06-02T14:32:31.875Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", - "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
- } - ], - "modified": "2020-06-02T14:32:31.875Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s name, serial number, iOS version, total disk space, and free disk space.(Citation: Google Project Zero Insomnia) ", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2f55e452-f8b3-402b-a193-d261dac9f327", - "created": "2022-04-01T18:53:48.715Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T18:53:48.715Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--40f30137-4db9-4596-b4c7-a12f1497fd92", - "created": "2020-11-10T17:08:35.831Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has performed rudimentary SSL certificate validation to verify C2 server authenticity before establishing a SSL connection.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-18T16:02:42.303Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3", - "created": "2020-04-08T15:41:19.404Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Anubis](https://attack.mitre.org/software/S0422) can steal the device’s contact list.(Citation: Cofense Anubis) ", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c6464a84-e23b-412f-b435-5b23853d3643", - "created": "2020-09-14T13:35:45.909Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "ESET-Twitoor", - "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/", - "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Twitoor](https://attack.mitre.org/software/S0302) encrypts its C2 communication.(Citation: ESET-Twitoor)", - "modified": "2022-04-20T12:58:23.550Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c", - "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4819f391-01de-4525-992b-7e4a4f6667de", - "type": "relationship", - "created": "2020-11-20T15:46:51.603Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-11-20T15:46:51.603Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can take pictures with the camera.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2", - "created": "2020-07-27T14:14:57.020Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Security Zen", - "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", - "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Zen](https://attack.mitre.org/software/S0494) can modify the SELinux enforcement mode.(Citation: Google Security Zen)", - "modified": "2022-04-15T15:53:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-07-16T15:35:21.063Z", - "description": "(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12", - "target_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler-SpyNote", - "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.", - "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" - } - ], - "modified": "2019-10-10T15:24:09.355Z", - "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can activate the victim's microphone.(Citation: Zscaler-SpyNote)", - "relationship_type": "uses", - "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e", - "created": "2022-04-01T17:05:56.046Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "On Android 11 and up, users are not prompted with the option to select “Allow all the time” and must navigate to the settings page to manually select this option. 
On iOS 14 and up, users can select whether to provide Precise Location for each installed application. ", - "modified": "2022-04-01T17:05:56.046Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3230c032-17e0-49f7-b948-c157049aafe2", - "created": "2017-10-25T14:48:53.742Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should ensure bootloaders are locked to prevent arbitrary operating system code from being flashed onto the device.", - "modified": "2022-04-01T15:34:50.556Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58", - "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2", - "created": "2020-07-15T20:20:59.375Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). 
Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can abuse device administrator permissions to ensure that it cannot be uninstalled until its permissions are revoked.(Citation: Bitdefender Mandrake)", - "modified": "2022-04-15T15:46:05.503Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--35a12ae8-562d-4e24-979e-ef970dde0b94", - "created": "2022-04-15T17:52:24.125Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-15T17:52:24.125Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1e286a4a-63cd-47df-a034-11a5d92daceb", - "created": "2022-04-06T15:41:03.981Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T15:41:03.981Z", - "relationship_type": "subtechnique-of", - "source_ref": 
"attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", - "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--65acbbe2-48e1-4fba-a781-39fb040a711d", - "type": "relationship", - "created": "2019-09-03T19:45:48.505Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." - } - ], - "modified": "2019-09-11T13:25:19.178Z", - "description": " [Exodus](https://attack.mitre.org/software/S0405) One, after checking in, sends a POST request and then downloads [Exodus](https://attack.mitre.org/software/S0405) Two, the second stage binaries.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ffc24804-42db-4be1-a418-7f5ab9de453c", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-NotCompatible", - "description": "Tim Strazzere. (2014, November 19). 
The new NotCompatible: Sophisticated and evasive threat harbors the potential to compromise enterprise networks. Retrieved December 22, 2016.", - "url": "https://blog.lookout.com/blog/2014/11/19/notcompatible/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[NotCompatible](https://attack.mitre.org/software/S0299) has the capability to exploit systems on an enterprise network.(Citation: Lookout-NotCompatible)", - "relationship_type": "uses", - "source_ref": "malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe", - "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc", - "type": "relationship", - "created": "2020-06-02T14:32:31.871Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", - "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
- } - ], - "modified": "2020-06-24T18:24:35.795Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect application database files, including Gmail, Hangouts, device photos, and container directories of third-party apps.(Citation: Google Project Zero Insomnia)", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--db1201f0-f925-4c3c-8673-7524a8c20886", - "type": "relationship", - "created": "2021-02-17T20:43:52.274Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." - } - ], - "modified": "2021-02-17T20:43:52.274Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has recorded calls.(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--97158eda-5092-4939-8b5c-1ef5ab918089", - "type": "relationship", - "created": "2020-04-24T15:12:11.189Z", + "created": "2020-04-24T15:06:33.519Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { 
@@ -29580,11 +21647,34 @@
 "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020."
 }
 ],
- "modified": "2020-04-24T15:12:11.189Z",
- "description": "[Concipit1248](https://attack.mitre.org/software/S0426) can collect device photos.(Citation: TrendMicro Coronavirus Updates)",
+ "modified": "2020-04-24T15:06:33.519Z",
+ "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect messages from GSM, WhatsApp, Telegram, Facebook, and Threema by reading the application’s notification content.(Citation: TrendMicro Coronavirus Updates)",
 "relationship_type": "uses",
- "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853",
- "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+ "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a",
+ "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+ "x_mitre_version": "1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "relationship--95bf4e8b-f388-48a0-b236-c2077252e71e",
+ "type": "relationship",
+ "created": "2019-09-03T20:08:00.757Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
+ "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html",
+ "source_name": "Talos Gustuff Apr 2019"
+ }
+ ],
+ "modified": "2019-09-15T15:35:33.380Z",
+ "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers the device IMEI to send to the command and control server.(Citation: Talos Gustuff Apr 2019)",
+ "relationship_type": "uses",
+ "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+ "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
 "x_mitre_version": "1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
@@ -29593,8 +21683,474 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1", - "created": "2019-07-10T15:35:43.661Z", + "id": "relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414", + "created": "2019-10-18T14:50:57.521Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates frequently contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. ", + "modified": "2022-03-30T20:08:17.127Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61", + "type": "relationship", + "created": "2020-04-24T15:06:33.495Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T15:06:33.495Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can track the device’s location.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8870c211-820a-46a1-96fc-02f4e6eaec03", + "type": "relationship", + "created": "2020-11-10T16:50:39.134Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2021-04-19T15:40:36.387Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has collected device network information, including 16-bit GSM Cell Identity, 16-bit Location Area Code, Mobile Country Code (MCC), and Mobile Network Code (MNC). 
[CarbonSteal](https://attack.mitre.org/software/S0529) has also called `netcfg` to get stats.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c", + "type": "relationship", + "created": "2020-01-27T17:05:58.273Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:05:58.273Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record audio and phone calls.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab", + "created": "2022-04-11T20:06:38.811Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile security products that are part of the Samsung Knox for Mobile Threat Defense program could examine running 
applications while the device is idle, potentially detecting malicious applications that are running primarily when the device is not being used.", + "modified": "2022-04-11T20:06:38.811Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531", + "type": "relationship", + "created": "2019-08-07T15:57:13.417Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Kaspersky Riltok June 2019", + "url": "https://securelist.com/mobile-banker-riltok/91374/", + "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." 
+ } + ], + "modified": "2019-09-15T15:36:42.340Z", + "description": "[Riltok](https://attack.mitre.org/software/S0403) can query various details about the device, including phone number, country, mobile operator, model, root availability, and operating system version.(Citation: Kaspersky Riltok June 2019)", + "relationship_type": "uses", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a5b72279-f99e-4f03-8669-04322b40ee6b", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-XLoader", + "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. 
Retrieved July 6, 2018.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/" + } + ], + "modified": "2020-07-20T13:49:03.710Z", + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) loads an encrypted DEX code payload.(Citation: TrendMicro-XLoader)", + "relationship_type": "uses", + "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5b5586b9-75ee-476f-b3eb-49878254302c", + "type": "relationship", + "created": "2019-07-16T14:33:12.117Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Triada June 2019", + "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", + "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." + } + ], + "modified": "2020-04-27T16:52:49.643Z", + "description": "[Triada](https://attack.mitre.org/software/S0424) is able to modify code within the com.android.systemui application to gain access to `GET_REAL_TASKS` permissions. 
This permission enables access to information about applications currently on the foreground and other recently used apps.(Citation: Google Triada June 2019) ", + "relationship_type": "uses", + "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--50c81a85-8c70-48df-a338-8622d2debc74", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather call logs.(Citation: Lookout-StealthMango)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0a610208-06af-425f-a9af-cd0899261e33", + "type": "relationship", + "created": "2020-09-11T15:45:38.450Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": 
"https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." + } + ], + "modified": "2020-09-11T15:45:38.450Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can send SMS messages.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0008005f-ca51-47c3-8369-55ee5de1c65a", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler-SpyNote", + "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app", + "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) uses an Android broadcast receiver to automatically start when the device boots.(Citation: Zscaler-SpyNote)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--06348e22-9a06-4e4c-a57c-e438462e7fce", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", + "source_name": "Kaspersky-Skygofree" + } + ], + "modified": "2019-08-09T18:08:07.173Z", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record audio via the microphone when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)", + "relationship_type": "uses", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3efe7dcc-a572-45ac-aff2-2932206a0632", + "created": "2019-08-07T15:57:13.441Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky Riltok June 2019", + "url": "https://securelist.com/mobile-banker-riltok/91374/", + "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Riltok](https://attack.mitre.org/software/S0403) can access and upload the device's contact list to the command and control server.(Citation: Kaspersky Riltok June 2019)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d", + "type": "relationship", + "created": "2020-07-15T20:20:59.294Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "modified": "2020-07-15T20:20:59.294Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can obtain a list of installed applications.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f012feab-5612-429f-81bd-ff75d6ffd04e", + "created": "2022-04-05T17:03:34.941Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T17:03:34.941Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4d542595-1eb0-45aa-9702-9d494142b390", + "type": "relationship", + "created": "2019-08-09T18:08:07.109Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", + "source_name": "Kaspersky-Skygofree" + } + ], + "modified": "2019-08-09T18:08:07.109Z", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record video or capture photos when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)", + "relationship_type": "uses", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be", + "created": "2021-02-17T20:43:52.337Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has read SMS messages for exfiltration.(Citation: Lookout FrozenCell)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-BrainTest", + "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/", + "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[BrainTest](https://attack.mitre.org/software/S0293) uses root privileges (if available) to copy an additional Android app package (APK) to /system/priv-app to maintain persistence even after a factory reset.(Citation: Lookout-BrainTest)", + "modified": "2022-04-15T15:59:32.511Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b477afcb-7449-4fae-b4aa-c512c22d7500", + "type": "relationship", + "created": "2020-09-15T15:18:12.394Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
+ } + ], + "modified": "2020-09-15T15:18:12.394Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can send SMS messages.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435", + "created": "2022-04-05T19:51:08.770Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android 12 Features", + "url": "https://developer.android.com/about/versions/12/features", + "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)", + "modified": "2022-04-05T19:51:08.770Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d", + "created": "2019-07-10T15:35:43.658Z", 
"x_mitre_version": "1.0", "external_references": [ { @@ -29605,12 +22161,12 @@ ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Pallas](https://attack.mitre.org/software/S0399) captures and exfiltrates all SMS messages, including future messages as they are received.(Citation: Lookout Dark Caracal Jan 2018)", - "modified": "2022-04-12T10:01:44.682Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) gathers and exfiltrates data about nearby Wi-Fi access points.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2022-04-19T14:25:41.669Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -29618,22 +22174,48 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb", "type": "relationship", - "created": "2020-12-17T20:15:22.444Z", + "id": "relationship--119b848b-84b4-4f86-a265-0c9eb8680072", + "created": "2021-10-01T14:42:49.171Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can be controlled via IRC using freenode.net servers.(Citation: SecureList BusyGasper)", + "modified": "2022-04-18T19:01:58.546Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257", + "type": "relationship", + "created": "2020-10-29T17:48:27.469Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." } ], - "modified": "2020-12-17T20:15:22.444Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can load additional Dalvik code while running.(Citation: Palo Alto HenBox)", + "modified": "2020-10-29T17:48:27.469Z", + "description": "[Exobot](https://attack.mitre.org/software/S0522) can forward SMS messages.(Citation: Threat Fabric Exobot)", "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -29642,16 +22224,253 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc", - "created": "2022-04-01T13:18:40.460Z", + "id": "relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4", + "created": "2020-09-15T15:18:12.362Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect SMS messages.(Citation: Cybereason FakeSpy)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394", + "created": "2021-02-08T16:36:20.639Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has region-locked their malicious applications during their Operation BULL campaign.(Citation: BlackBerry Bahamut)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--50f03c00-5488-49fe-a527-a8776e526523", + "type": "relationship", + "created": "2020-11-24T17:55:12.820Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "modified": "2020-11-24T17:55:12.820Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect a list of installed applications.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9", + "created": "2021-01-05T20:16:20.500Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect SMS messages from the device.(Citation: Zscaler TikTok Spyware)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb", + "created": "2020-09-11T16:22:03.294Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. 
(2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s cell tower information.(Citation: Lookout ViperRAT)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b7a31a11-6c84-4c28-a548-4751e4d71134", + "created": "2020-05-04T14:04:56.158Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Bread", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", + "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Bread](https://attack.mitre.org/software/S0432) can perform SMS fraud on older versions of the malware, and toll fraud on newer versions.(Citation: Google Bread)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c", + "type": "relationship", + "created": "2019-09-03T19:45:48.512Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-09-11T13:25:19.210Z", + "description": "[Exodus](https://attack.mitre.org/software/S0405) Two attempts to connect to port 22011 to provide a remote reverse shell.(Citation: SWB Exodus March 2019)", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2018-10-17T00:14:20.652Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80", + "type": "relationship", + "created": "2020-07-20T13:49:03.692Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-XLoader-FakeSpy", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", + "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-09-24T15:12:24.191Z", + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s Android ID and serial number.(Citation: TrendMicro-XLoader-FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a76d731b-484c-442a-b1a3-255d8398aefd", + "type": "relationship", + "created": "2019-10-10T15:22:52.545Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-RCSAndroid", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.", + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/" + } + ], + "modified": "2019-10-10T15:22:52.545Z", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn.(Citation: TrendMicro-RCSAndroid)", + "relationship_type": "uses", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--204e30ed-5e69-400b-a814-b77e10596865", + "created": "2022-04-06T15:50:42.481Z", "x_mitre_version": 
"0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "Contact list access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their contact list. ", - "modified": "2022-04-01T13:18:40.460Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "description": "", + "modified": "2022-04-06T15:50:42.481Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
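Review bot: The `TrendMicro-RCSAndroid` reference on the new side of this hunk uses a plain `http://` URL, while the `TrendMicro-XLoader-FakeSpy` reference just above it points at the same host over `https://`. Citation links in this data set are followed by analysts and by tooling, so the scheme should match: `"url": "https://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/"`. The Exodus description in the same hunk, `[Exodus](…) Two attempts to connect to port 22011 …`, also reads as a fragment because the link text stops before "Two"; if the second stage is meant, a wording such as `[Exodus](…) Two attempts …` with the stage named explicitly in the sentence would be clearer.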
@@ -29660,21 +22479,203 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab", + "type": "relationship", + "id": "relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47", + "created": "2022-04-01T17:08:41.293Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. ", + "modified": "2022-04-01T17:08:41.293Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4a936488-526c-40c1-b2d5-490052cb0e73", + "created": "2020-12-31T18:25:05.162Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can run bash commands.(Citation: CYBERWARCON CHEMISTGAMES)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8", "type": "relationship", "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "TrendMicro-Obad", - "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. Retrieved December 9, 2016.", - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/" + "source_name": "Lookout-EnterpriseApps", + "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. 
Retrieved December 19, 2016.", + "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" } ], "modified": "2018-10-17T00:14:20.652Z", - "description": "[OBAD](https://attack.mitre.org/software/S0286) contains encrypted code along with an obfuscated decryption routine to make it difficult to analyze.(Citation: TrendMicro-Obad)", + "description": "[AndroRAT](https://attack.mitre.org/software/S0292) gathers audio from the microphone.(Citation: Lookout-EnterpriseApps)", "relationship_type": "uses", - "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde", + "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2019-08-09T17:59:49.021Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can perform GPS location tracking as well as capturing coordinates as when an SMS message or call is received.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb", + "created": "2020-12-14T14:52:03.184Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has used malicious overlays to collect banking credentials.(Citation: Sophos Red Alert 2.0)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--82a51cc3-7a91-43b0-9147-df5983e52b41", + "created": "2020-12-14T15:02:35.208Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Securelist Asacub", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Asacub](https://attack.mitre.org/software/S0540) has communicated with the C2 using HTTP POST requests.(Citation: Securelist Asacub)", + "modified": "2022-04-19T20:11:55.606Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5417959b-9478-49fb-b779-3c82a10ad080", + "type": "relationship", + "created": "2020-12-17T20:15:22.498Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "modified": "2020-12-17T20:15:22.498Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running apps.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--17558571-7352-470b-b728-0511fb3f699d", + "type": "relationship", + "created": "2019-10-18T15:51:48.484Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2020-06-24T15:02:13.534Z", + "description": "Users should be warned against granting access to accessibility features, and to carefully scrutinize applications that request this dangerous permission.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd", + "type": "relationship", + "created": "2019-09-04T15:38:56.597Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. 
Retrieved September 10, 2019.", + "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", + "source_name": "FortiGuard-FlexiSpy" + } + ], + "modified": "2019-09-10T14:59:25.979Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) encrypts its configuration file using AES.(Citation: FortiGuard-FlexiSpy)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
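Review bot: The Stealth Mango description added in this hunk has a wording slip, `capturing coordinates as when an SMS message or call is received`; `capturing coordinates when an SMS message or call is received` reads correctly. The `FortiGuard-FlexiSpy` reference in the same hunk points at a bare `d3gpjj9d20n0p3.cloudfront.net` distribution, so the URL itself does not identify the publisher and is likely to rot. If a vendor-domain or archived copy of the white paper exists, citing that would make the source easier to verify.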
@@ -29684,8 +22685,363 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b", - "created": "2020-07-15T20:20:59.307Z", + "id": "relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f", + "created": "2020-06-24T18:24:35.707Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Project Zero Insomnia", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", + "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can extract the device’s keychain.(Citation: Google Project Zero Insomnia)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5", + "type": "relationship", + "created": "2020-11-24T17:55:12.897Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "modified": "2020-11-24T17:55:12.897Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the user’s browser cookies.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4aec0738-2c76-4dc7-af8a-87785e658193", + "created": "2021-10-01T14:42:49.152Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can run shell commands.(Citation: SecureList BusyGasper)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78", + "type": "relationship", + "created": "2019-10-10T15:17:00.972Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. 
Retrieved September 4, 2019.", + "url": "https://www.flexispy.com/en/features-overview.htm", + "source_name": "FlexiSpy-Features" + } + ], + "modified": "2019-10-14T18:08:28.666Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can monitor device photos and can also access browser history and bookmarks.(Citation: FlexiSpy-Features)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe", + "type": "relationship", + "created": "2019-12-10T16:07:41.093Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList DVMap June 2017", + "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", + "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
+ } + ], + "modified": "2019-12-10T16:07:41.093Z", + "description": "[Dvmap](https://attack.mitre.org/software/S0420) can download code and binaries from the C2 server to execute on the device as root.(Citation: SecureList DVMap June 2017)", + "relationship_type": "uses", + "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3", + "created": "2019-07-10T15:35:43.712Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pallas](https://attack.mitre.org/software/S0399) has the ability to delete attacker-specified files from compromised devices.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd", + "created": "2022-04-01T18:50:00.027Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T18:50:00.027Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", + "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7defdb15-65d1-40ca-a9da-5c0484892484", + "created": "2020-04-24T17:46:31.616Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can be controlled via encrypted SMS message.(Citation: SecurityIntelligence TrickMo)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9", + "created": "2020-04-08T15:51:25.149Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "ThreatFabric Ginp", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Ginp](https://attack.mitre.org/software/S0423) can download the device’s contact list.(Citation: ThreatFabric Ginp)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87", + "type": "relationship", + "created": "2020-05-04T14:04:56.217Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Bread", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", + "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." + } + ], + "modified": "2020-05-04T15:40:21.305Z", + "description": "[Bread](https://attack.mitre.org/software/S0432) has utilized JavaScript within WebViews that loaded a URL hosted on a Bread-controlled server which provided functions to run. 
[Bread](https://attack.mitre.org/software/S0432) downloads billing fraud execution steps at runtime.(Citation: Google Bread)", + "relationship_type": "uses", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--48552acc-5f1a-422f-90fa-37108446f36d", + "created": "2022-03-30T19:14:20.374Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T19:14:20.374Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa", + "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7", + "type": "relationship", + "created": "2020-12-14T15:02:35.230Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Securelist Asacub", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
+ } + ], + "modified": "2020-12-14T15:02:35.230Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) has encrypted C2 communications using Base64-encoded RC4.(Citation: Securelist Asacub)", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3f973c3c-45f8-432a-9859-e8749f2e7418", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + } + ], + "modified": "2019-08-09T17:52:31.848Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses sensitive data in files, such as messages stored by the WhatsApp, Facebook, and Twitter applications. 
It also has the ability to access arbitrary filenames and retrieve directory listings.(Citation: Lookout-PegasusAndroid)", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "PaloAlto-WireLurker", + "description": "Claud Xiao. (2014, November 5). WireLurker: A New Era in OS X and iOS Malware. Retrieved January 24, 2017.", + "url": "https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[WireLurker](https://attack.mitre.org/software/S0312) obfuscates its payload through complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing.(Citation: PaloAlto-WireLurker)", + "relationship_type": "uses", + "source_ref": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6", + "created": "2020-01-21T14:20:50.409Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Bitdefender - Triout 2018", + "url": 
"https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", + "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) includes code to hide its icon, but the function does not appear to be called in an analyzed version of the software.(Citation: Bitdefender - Triout 2018)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630", + "created": "2020-07-15T20:20:59.300Z", "x_mitre_version": "1.0", "external_references": [ { 
@@ -29696,15 +23052,90 @@
 ],
 "x_mitre_deprecated": false,
 "revoked": false,
- "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used domain generation algorithms.(Citation: Bitdefender Mandrake)",
+ "description": "[Mandrake](https://attack.mitre.org/software/S0485) can manipulate visual components to trick the user into granting dangerous permissions, and can use phishing overlays and JavaScript injection to capture credentials.(Citation: Bitdefender Mandrake)",
 "modified": "2022-04-12T10:01:44.682Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "relationship_type": "uses",
 "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
- "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626",
+ "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
 "x_mitre_attack_spec_version": "2.1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "type": "relationship",
+ "id": "relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956",
+ "created": "2020-11-24T17:55:12.873Z",
+ "x_mitre_version": "1.0",
+ "external_references": [
+ {
+ "source_name": "Talos GPlayed",
+ "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+ "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+ }
+ ],
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "[GPlayed](https://attack.mitre.org/software/S0536) has communicated with the C2 using HTTP requests or WebSockets as a backup.(Citation: Talos GPlayed) ",
+ "modified": "2022-04-19T20:04:57.164Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "relationship_type": "uses",
+ "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+ "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "type": "relationship",
+ "id": "relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03",
+ "created": "2020-12-24T21:45:56.962Z",
+ "x_mitre_version": "1.0",
+ "external_references": [
+ {
+ "source_name": "Lookout Uyghur Campaign",
+ "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+ }
+ ],
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access call logs.(Citation: Lookout Uyghur Campaign)",
+ "modified": "2022-04-12T10:01:44.682Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "relationship_type": "uses",
+ "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
+ "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82",
+ "type": "relationship",
+ "created": "2020-09-11T16:22:03.301Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "source_name": "Lookout ViperRAT",
+ "url": "https://blog.lookout.com/viperrat-mobile-apt",
+ "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+ }
+ ],
+ "modified": "2020-09-11T16:22:03.301Z",
+ "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect system information, including brand, manufacturer, and serial number.(Citation: Lookout ViperRAT)",
+ "relationship_type": "uses",
+ "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+ "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+ "x_mitre_version": "1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
 {
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -29731,32 +23162,6 @@
 "x_mitre_attack_spec_version": "2.1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
- {
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "type": "relationship",
- "id": "relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51",
- "created": "2020-12-14T14:52:03.359Z",
- "x_mitre_version": "1.0",
- "external_references": [
- {
- "source_name": "Sophos Red Alert 2.0",
- "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/",
- "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020."
- }
- ],
- "x_mitre_deprecated": false,
- "revoked": false,
- "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP.(Citation: Sophos Red Alert 2.0)",
- "modified": "2022-04-19T20:20:46.694Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "relationship_type": "uses",
- "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
- "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
 {
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
@@ -29781,24 +23186,17 @@
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
 "type": "relationship",
- "id": "relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f",
- "created": "2021-01-20T16:01:19.488Z",
+ "id": "relationship--3230c032-17e0-49f7-b948-c157049aafe2",
+ "created": "2017-10-25T14:48:53.742Z",
 "x_mitre_version": "1.0",
- "external_references": [
- {
- "source_name": "Trend Micro Anubis",
- "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html",
- "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021."
- }
- ],
 "x_mitre_deprecated": false,
 "revoked": false,
- "description": "[Anubis](https://attack.mitre.org/software/S0422) has used motion sensor data to attempt to determine if it is running in an emulator.(Citation: Trend Micro Anubis)",
- "modified": "2022-04-12T10:01:44.682Z",
+ "description": "Users should ensure bootloaders are locked to prevent arbitrary operating system code from being flashed onto the device.",
+ "modified": "2022-04-01T15:34:50.556Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "relationship_type": "uses",
- "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
- "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+ "relationship_type": "mitigates",
+ "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
+ "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
 "x_mitre_attack_spec_version": "2.1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
@@ -29806,227 +23204,51 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879", "type": "relationship", - "id": "relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a", - "created": "2020-10-29T19:21:23.143Z", + "created": "2019-09-04T14:28:16.426Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-09-04T14:32:13.000Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) uses XOR to obfuscate its second stage binary.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2", + "created": "2020-07-15T20:20:59.375Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "WeLiveSecurity AdDisplayAshas", - "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", - "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." 
+ "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has registered to receive the `BOOT_COMPLETED` broadcast intent to activate on device startup.(Citation: WeLiveSecurity AdDisplayAshas)", - "modified": "2022-04-12T10:01:44.682Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can abuse device administrator permissions to ensure that it cannot be uninstalled until its permissions are revoked.(Citation: Bitdefender Mandrake)", + "modified": "2022-04-15T15:46:05.503Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--684c17bb-2075-4e1f-9fcb-17408511222d", - "type": "relationship", - "created": "2021-09-20T13:54:19.957Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. 
Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "modified": "2021-09-20T13:54:19.957Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can silently accept an incoming phone call.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1cca5e17-80ae-4b6e-8919-2768153aa966", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "PaloAlto-Xbot", - "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/", - "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Xbot](https://attack.mitre.org/software/S0298) uses phishing pages mimicking Google Play's payment interface as well as bank login pages.(Citation: PaloAlto-Xbot)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd", - "created": "2021-01-05T20:16:20.488Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can launch a fake Facebook login page.(Citation: Zscaler TikTok Spyware)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ede5c314-5988-4151-bb30-b6a6983d02c0", - "created": "2020-12-31T18:25:05.164Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has been distributed as updates to legitimate applications. 
This was accomplished by compromising legitimate app developers, and subsequently gaining access to their Google Play Store developer account.(Citation: CYBERWARCON CHEMISTGAMES)", - "modified": "2022-04-15T15:16:53.317Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7ba30703-c3aa-425a-9482-9e9941fd7038", - "type": "relationship", - "created": "2020-12-24T21:45:56.961Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T21:45:56.961Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access the camera on the device.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc", - "created": "2021-10-01T14:42:49.174Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can abuse existing root access to copy components into the system partition.(Citation: SecureList BusyGasper)", - "modified": "2022-04-15T15:52:38.253Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a", - "created": "2020-11-20T16:37:28.591Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": 
"https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has communicated with the C2 using MQTT and HTTP.(Citation: Symantec GoldenCup)", - "modified": "2022-04-19T20:06:25.036Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6a821e14-8247-408b-af37-9cecbba616ec", - "type": "relationship", - "created": "2020-05-07T15:33:32.945Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CheckPoint Agent Smith", - "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", - "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." 
- } - ], - "modified": "2020-05-07T15:33:32.945Z", - "description": "[Agent Smith](https://attack.mitre.org/software/S0440) obtains the device’s application list.(Citation: CheckPoint Agent Smith)", - "relationship_type": "uses", - "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -30058,130 +23280,16 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "FireEye-RuMMS", - "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html", - "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[RuMMS](https://attack.mitre.org/software/S0313) uses HTTP for command and control.(Citation: FireEye-RuMMS)", - "modified": "2022-04-19T20:09:40.582Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--efd35b6f-7a61-4998-97ff-608547e40f66", - "created": "2019-10-01T14:23:44.054Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [Rotexy](https://attack.mitre.org/software/S0411) encrypts JSON HTTP payloads with AES.(Citation: securelist rotexy 2018) ", - "modified": "2022-04-18T16:07:57.631Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3f973c3c-45f8-432a-9859-e8749f2e7418", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" - } - ], - "modified": "2019-08-09T17:52:31.848Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses sensitive data in files, such as messages stored by the WhatsApp, Facebook, and Twitter applications. 
It also has the ability to access arbitrary filenames and retrieve directory listings.(Citation: Lookout-PegasusAndroid)", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--03ff6271-d7bc-40f3-b83d-25c541333694", - "type": "relationship", - "created": "2019-11-19T17:32:20.701Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2019-12-26T16:14:33.468Z", - "description": "If a user sees a persistent notification they do not recognize, they should uninstall the source application and look for other unwanted applications or anomalies.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--df337ad4-c88e-425f-b869-ecac29674bf4", - "type": "relationship", - "created": "2021-03-25T16:39:40.200Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
- } - ], - "modified": "2021-03-25T16:39:40.200Z", - "description": "(Citation: CYBERWARCON CHEMISTGAMES)", - "relationship_type": "uses", - "source_ref": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192", - "target_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6", - "created": "2022-04-01T14:59:53.782Z", + "id": "relationship--442dd700-2d7d-4cad-8282-9027e4f69133", + "created": "2022-03-30T20:31:41.927Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "Device attestation can often detect jailbroken devices.", - "modified": "2022-04-01T14:59:53.782Z", + "description": "New OS releases frequently contain additional limitations or controls around device location access.", + "modified": "2022-03-30T20:31:41.927Z", "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -30190,46 +23298,19 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1", "type": "relationship", - "created": "2020-07-20T13:49:03.693Z", + "id": "relationship--1e286a4a-63cd-47df-a034-11a5d92daceb", + "created": "2022-04-06T15:41:03.981Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:41:03.981Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", + "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", + "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro-XLoader-FakeSpy", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", - "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
- } - ], - "modified": "2020-09-24T15:12:24.242Z", - "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s IMSI and ICCID.(Citation: TrendMicro-XLoader-FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c", - "type": "relationship", - "created": "2019-12-10T16:07:41.078Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList DVMap June 2017", - "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", - "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." - } - ], - "modified": "2019-12-10T16:07:41.078Z", - "description": "[Dvmap](https://attack.mitre.org/software/S0420) attempts to gain root access by using local exploits.(Citation: SecureList DVMap June 2017)", - "relationship_type": "uses", - "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -30237,24 +23318,24 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58", - "created": "2017-12-14T16:46:06.044Z", + "id": "relationship--f4aeacef-035c-4308-9e85-997703e27809", + "created": "2020-01-27T17:05:58.305Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Zscaler-SpyNote", - "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app", - "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017." + "source_name": "Trend Micro Bouncing Golf 2019", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can read SMS messages.(Citation: Zscaler-SpyNote)", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can delete arbitrary files on the device.(Citation: Trend Micro Bouncing Golf 2019)", "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -30263,115 +23344,50 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7", - "created": "2020-11-24T17:55:12.889Z", + "id": "relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca", + "created": "2019-09-03T19:45:48.510Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request device administrator permissions.(Citation: Talos GPlayed)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--97738857-d496-4d39-9809-1921e0ad10b7", - "type": "relationship", - "created": "2020-12-31T18:25:05.125Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. 
Retrieved December 31, 2020." - } - ], - "modified": "2020-12-31T18:25:05.125Z", - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can collect files from the filesystem and account information from Google Chrome.(Citation: CYBERWARCON CHEMISTGAMES)", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15", - "type": "relationship", - "created": "2021-09-24T14:47:34.447Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2021-10-04T20:08:48.439Z", - "description": "Device attestation can often detect rooted devices.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8d027310-93a0-4046-b7ad-d1f461f30838", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", - "source_name": "TrendMicro-RCSAndroid" - } - ], - "modified": "2019-08-09T17:53:48.783Z", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) has the ability to dynamically download and execute new code at runtime.(Citation: TrendMicro-RCSAndroid)", - "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4454a696-7619-40ee-971b-cbf646e4ee61", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-EnterpriseApps", - "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/", - "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to send messages to premium SMS messages.(Citation: Lookout-EnterpriseApps)", + "description": " [Exodus](https://attack.mitre.org/software/S0405) Two collects a list of nearby base stations.(Citation: SWB Exodus March 2019) ", "modified": "2022-04-19T14:25:41.669Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--97158eda-5092-4939-8b5c-1ef5ab918089", + "type": "relationship", + "created": "2020-04-24T15:12:11.189Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T15:12:11.189Z", + "description": "[Concipit1248](https://attack.mitre.org/software/S0426) can collect device photos.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -30408,138 +23424,18 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e", - "created": "2022-03-30T18:15:03.625Z", + "id": "relationship--b402664b-a5b4-45e4-832f-02638e6c67a7", + "created": "2022-04-01T14:59:17.991Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "", - "modified": "2022-03-30T18:15:03.625Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) gathers contacts from the system by dumping the victim's address book.(Citation: Lookout-Pegasus)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3dd0cd4d-bcde-4105-b98e-b32add191083", - "created": "2020-01-27T17:05:58.331Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Trend Micro Bouncing Golf 2019", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) exfiltrates data using HTTP POST requests.(Citation: Trend Micro Bouncing Golf 2019)", - "modified": "2022-04-20T17:39:12.403Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5b235ed4-548d-49f2-ae01-1874666e6747", - "created": "2022-03-30T19:51:56.543Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T19:51:56.543Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936", - "created": "2019-08-29T18:57:55.926Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Samsung Keyboards", - "url": "https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-", - "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards) An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. ", - "modified": "2022-04-05T19:41:57.905Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores. ", + "modified": "2022-04-01T14:59:17.991Z", "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--82555171-8b78-40f3-84d9-058359ae808a", - "type": "relationship", - "created": "2020-09-24T15:34:51.244Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Dendroid", - "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. 
Retrieved December 22, 2016.", - "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" - } - ], - "modified": "2020-09-24T15:34:51.244Z", - "description": "[Dendroid](https://attack.mitre.org/software/S0301) can send and block SMS messages.(Citation: Lookout-Dendroid)", - "relationship_type": "uses", - "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -30547,507 +23443,23 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1", - "created": "2019-09-04T15:38:57.037Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "FlexiSpy-Features", - "url": "https://www.flexispy.com/en/features-overview.htm", - "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record keystrokes and analyze them for keywords.(Citation: FlexiSpy-Features)", - "modified": "2022-04-15T17:34:17.813Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9d621873-6d3c-4660-be9a-57e2e8648236", + "id": "relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005", "created": "2018-10-17T00:14:20.652Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Proofpoint-Marcher", - "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks", - "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018." + "source_name": "Kaspersky-Skygofree", + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). 
Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Marcher](https://attack.mitre.org/software/S0317) requests Android Device Administrator access.(Citation: Proofpoint-Marcher)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler-SpyNote", - "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. 
Retrieved January 26, 2017.", - "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" - } - ], - "modified": "2019-10-10T15:24:09.248Z", - "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) collects the device's location.(Citation: Zscaler-SpyNote)", - "relationship_type": "uses", - "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--44da429b-9dee-43c9-9397-445c6f9e647e", - "created": "2022-03-30T19:54:59.651Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android includes system partition integrity mechanisms that could detect unauthorized modifications. ", - "modified": "2022-03-30T19:54:59.651Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27", - "type": "relationship", - "created": "2020-07-20T13:27:33.488Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "modified": "2020-08-10T21:57:54.704Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489)’s code is obfuscated.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--afe9e326-01f7-4296-a11b-09cfffd80120", - "type": "relationship", - "created": "2020-07-27T14:14:56.962Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Security Zen", - "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", - "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." 
- } - ], - "modified": "2020-08-10T22:18:20.747Z", - "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads and system prompts to create new Google accounts.(Citation: Google Security Zen)", - "relationship_type": "uses", - "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696", - "created": "2022-03-28T19:38:23.189Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-28T19:38:23.190Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f", - "created": "2020-09-11T14:54:16.642Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "If running on a Huawei device, [Desert Scorpion](https://attack.mitre.org/software/S0505) adds itself to the protected apps list, which allows it to run with the screen off.(Citation: Lookout Desert Scorpion)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "PaloAlto-WireLurker", - "description": "Claud Xiao. (2014, November 5). WireLurker: A New Era in OS X and iOS Malware. 
Retrieved January 24, 2017.", - "url": "https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[WireLurker](https://attack.mitre.org/software/S0312) obfuscates its payload through complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing.(Citation: PaloAlto-WireLurker)", - "relationship_type": "uses", - "source_ref": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a3c4b392-2879-4f31-9431-3398e034851b", - "created": "2022-04-06T13:52:37.470Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be cautioned against granting administrative access to applications.", - "modified": "2022-04-06T13:52:37.470Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--56a255a5-9fa2-45bb-8848-fd0a68514467", - "created": "2022-04-11T20:06:56.034Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-11T20:06:56.034Z", - "relationship_type": "revoked-by", - "source_ref": 
"attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d", - "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--327d0102-2113-4e12-be68-504db097a6fd", - "created": "2019-08-07T15:57:13.409Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky Riltok June 2019", - "url": "https://securelist.com/mobile-banker-riltok/91374/", - "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Riltok](https://attack.mitre.org/software/S0403) communicates with the command and control server using HTTP requests.(Citation: Kaspersky Riltok June 2019)", - "modified": "2022-04-19T20:05:59.204Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--078653a6-3613-4923-ae5a-1bccb8552e67", - "type": "relationship", - "created": "2020-09-11T16:22:03.250Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). 
ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." - } - ], - "modified": "2020-09-11T16:22:03.250Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) has been installed in two stages and can secretly install new applications.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0", - "type": "relationship", - "created": "2020-12-14T14:52:03.396Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
- } - ], - "modified": "2020-12-16T20:52:21.426Z", - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can download additional overlay templates.(Citation: Sophos Red Alert 2.0)", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e", - "type": "relationship", - "created": "2019-09-23T13:36:08.386Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "source_name": "securelist rotexy 2018" - } - ], - "modified": "2019-09-23T13:36:08.386Z", - "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects the device's IMEI and sends it to the command and control server.(Citation: securelist rotexy 2018)", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--289f5e23-088a-4840-a2a6-bab30da2a64b", - "created": "2022-04-01T16:51:04.584Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "GoogleIO2016", - "url": "https://www.youtube.com/watch?v=XZzLjllizYs", - "description": "Adrian 
Ludwig. (2016, May 19). What's new in Android security (M and N Version). Retrieved December 9, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Changes were introduced in Android 7 to make abuse of device administrator permissions more difficult.(Citation: GoogleIO2016)", - "modified": "2022-04-01T16:51:04.584Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879", - "type": "relationship", - "created": "2019-09-04T14:28:16.426Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-09-04T14:32:13.000Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) uses XOR to obfuscate its second stage binary.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7", - "created": "2020-07-20T13:27:33.440Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect SMS messages.(Citation: Talos-WolfRAT)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a", - "type": "relationship", - "created": "2020-12-24T21:55:56.726Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T21:55:56.726Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has downloaded additional code to root devices, such as TowelRoot.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4b838636-bfa4-4592-b72f-3044946b8187", - "created": "2020-09-14T14:13:45.236Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout eSurv", - "url": "https://blog.lookout.com/esurv-research", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate the device’s contact list.(Citation: Lookout eSurv)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd", - "created": "2022-04-01T18:50:00.027Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T18:50:00.027Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uses commands received from text messages for C2.(Citation: Lookout-StealthMango)", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via binary SMS.(Citation: Kaspersky-Skygofree)", "modified": "2022-04-19T14:25:41.669Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -31057,24 +23469,24 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1", - "created": "2020-10-29T17:48:27.272Z", + "id": "relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad", + "created": "2020-12-24T21:55:56.752Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
} ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain a list of installed applications and can detect if an antivirus application is running, and close it if it is.(Citation: Threat Fabric Exobot)", - "modified": "2022-04-15T16:53:00.735Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploits to root devices and install additional malware on the system partition.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-19T16:32:53.368Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -31082,97 +23494,30 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e", + "id": "relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77", "type": "relationship", - "created": "2021-02-08T16:36:20.692Z", + "created": "2020-06-26T15:32:25.035Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." + }, + { + "source_name": "CheckPoint Cerberus", + "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/", + "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020." 
} ], - "modified": "2021-05-24T13:16:56.443Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included system information enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", + "modified": "2020-06-26T15:32:25.035Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect device information, such as the default SMS app and device locale.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)", "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--818b8c2b-bd23-4a83-9970-d42063608699", - "created": "2020-04-24T15:06:33.393Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device contacts.(Citation: TrendMicro Coronavirus Updates)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0a610208-06af-425f-a9af-cd0899261e33", - "type": "relationship", - "created": "2020-09-11T15:45:38.450Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-09-11T15:45:38.450Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can send SMS messages.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe", - "type": "relationship", - "created": "2019-12-10T16:07:41.093Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList DVMap June 2017", - "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", - "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." - } - ], - "modified": "2019-12-10T16:07:41.093Z", - "description": "[Dvmap](https://attack.mitre.org/software/S0420) can download code and binaries from the C2 server to execute on the device as root.(Citation: SecureList DVMap June 2017)", - "relationship_type": "uses", - "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -31226,19 +23571,46 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f", "type": "relationship", - "id": "relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1", - "created": "2022-04-05T19:48:31.354Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T19:48:31.354Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "x_mitre_attack_spec_version": "2.1.0", + "created": "2020-12-24T22:04:28.005Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T22:04:28.005Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken photos with the device camera.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9", + "type": "relationship", + "created": "2020-09-11T15:52:12.520Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + } + ], + "modified": "2020-09-11T15:52:12.520Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can block, forward, hide, and send SMS messages.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -31246,24 +23618,24 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0", - "created": "2019-08-07T15:57:13.453Z", + "id": "relationship--ac523dfb-36be-4402-acf2-abe98e183eef", + "created": "2017-12-14T16:46:06.044Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Kaspersky Riltok June 2019", - "url": "https://securelist.com/mobile-banker-riltok/91374/", - "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." + "source_name": "ArsTechnica-HummingBad", + "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/", + "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Riltok](https://attack.mitre.org/software/S0403) can open a fake Google Play screen requesting bank card credentials and mimic the screen of relevant mobile banking apps to request user/bank card details.(Citation: Kaspersky Riltok June 2019)", - "modified": "2022-04-12T10:01:44.682Z", + "description": "In July 2016, [HummingBad](https://attack.mitre.org/software/S0322) generated more than $300,000 per month in revenue from installing fraudulent apps and displaying malicious advertisements.(Citation: ArsTechnica-HummingBad)", + "modified": "2022-04-19T14:25:41.669Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", "x_mitre_attack_spec_version": "2.1.0", 
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -31271,18 +23643,71 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7", "type": "relationship", - "id": "relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3", "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://www.wandera.com/reddrop-malware/", + "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.", + "source_name": "Wandera-RedDrop" + } + ], + "modified": "2019-10-15T19:56:13.162Z", + "description": "[RedDrop](https://attack.mitre.org/software/S0326) exfiltrates details of the victim device operating system and manufacturer.(Citation: Wandera-RedDrop)", + "relationship_type": "uses", + "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-Obad", + "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. 
Retrieved December 9, 2016.", + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[OBAD](https://attack.mitre.org/software/S0286) contains encrypted code along with an obfuscated decryption routine to make it difficult to analyze.(Citation: TrendMicro-Obad)", + "relationship_type": "uses", + "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5", + "created": "2019-08-08T18:47:57.655Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Android 10 Privacy Changes", + "url": "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data", + "description": "Android Developers. (n.d.). Privacy changes in Android 10. Retrieved September 11, 2019." + } + ], "x_mitre_deprecated": false, "revoked": false, - "description": "Enterprises can provision policies to mobile devices that require a minimum complexity (length, character requirements, etc.) for the device passcode, and cause the device to wipe all data if an incorrect passcode is entered too many times. Both policies would mitigate brute-force, guessing, or shoulder surfing of the device passcode. Enterprises can also provision policies to disable biometric authentication, however, biometric authentication can help make using a longer, more complex passcode more practical because it does not need to be entered as frequently. 
", - "modified": "2022-03-28T19:20:30.375Z", + "description": "Android 10 introduced changes to prevent applications from accessing clipboard data if they are not in the foreground or set as the device’s default IME.(Citation: Android 10 Privacy Changes) ", + "modified": "2022-04-01T16:35:38.189Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -31290,48 +23715,22 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3", "type": "relationship", - "id": "relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b", - "created": "2021-01-05T20:16:20.492Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has registered for device boot, incoming, and outgoing calls broadcast intents.(Citation: Zscaler TikTok Spyware)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce", - "type": "relationship", - "created": "2020-12-18T20:14:47.339Z", + "created": "2020-01-27T17:05:58.215Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" } ], - "modified": "2020-12-18T20:14:47.339Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used timer events in React Native to initiate the foreground service.(Citation: WhiteOps TERRACOTTA)", + "modified": "2020-01-27T17:05:58.215Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of running processes.(Citation: Trend Micro Bouncing Golf 2019)", "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -31339,41 +23738,23 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a", + "id": "relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb", "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", + "created": "2020-12-17T20:15:22.444Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2018-10-17T00:14:20.652Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--e3d04885-95a5-47cb-a038-b58542cf787d", - "created": "2019-09-03T19:45:48.487Z", - "x_mitre_version": "1.0", "external_references": [ { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
} ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can exfiltrate the call log.(Citation: SWB Exodus March 2019) ", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2020-12-17T20:15:22.444Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can load additional Dalvik code while running.(Citation: Palo Alto HenBox)", "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { @@ -31381,8 +23762,8 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b", - "created": "2020-09-11T14:54:16.638Z", + "id": "relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f", + "created": "2020-09-11T14:54:16.642Z", "x_mitre_version": "1.0", "external_references": [ { 
@@ -31393,11 +23774,37 @@ ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can delete copies of itself if additional APKs are downloaded to external storage.(Citation: Lookout Desert Scorpion)", + "description": "If running on a Huawei device, [Desert Scorpion](https://attack.mitre.org/software/S0505) adds itself to the protected apps list, which allows it to run with the screen off.(Citation: Lookout Desert Scorpion)", "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57", + "created": "2020-11-24T17:55:12.826Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can wipe the device.(Citation: Talos GPlayed)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -31406,9 +23813,79 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e", "type": "relationship", - "created": "2020-12-24T21:55:56.745Z", + "id": "relationship--d6be8665-afbb-4be5-a56a-493af01b120a", + "created": "2022-03-30T15:52:29.935Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile security products can potentially detect jailbroken or rooted devices.", + "modified": "2022-03-30T15:52:29.935Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e7b7e813-4867-46fe-bf86-6f367553d765", + "type": "relationship", + "created": "2019-11-21T16:42:48.456Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "source_name": "SecureList - ViceLeaker 2019" + }, + { + "source_name": "Bitdefender - Triout 2018", + "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", + "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." 
+ } + ], + "modified": "2020-01-21T14:20:50.455Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can copy arbitrary files from the device to the C2 server, can exfiltrate browsing history, can exfiltrate the SD card structure, and can exfiltrate pictures as the user takes them.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6ce36374-2ff6-4b41-8493-148416153232", + "type": "relationship", + "created": "2020-07-20T13:27:33.443Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-08-10T21:57:54.526Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect user account, photos, browser history, and arbitrary files.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--684c17bb-2075-4e1f-9fcb-17408511222d", + "type": "relationship", + "created": "2021-09-20T13:54:19.957Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { @@ -31417,11 +23894,11 @@ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." } ], - "modified": "2020-12-24T21:55:56.745Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the list of installed apps.(Citation: Lookout Uyghur Campaign)", + "modified": "2021-09-20T13:54:19.957Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can silently accept an incoming phone call.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -31429,21 +23906,70 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d", + "id": "relationship--901492b5-b074-4631-ad6e-4178caa4164a", + "type": "relationship", + "created": "2020-12-24T22:04:28.017Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2020-12-24T22:04:28.017Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has recorded calls and environment audio in .amr format.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler-SpyNote", + "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app", + "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can view contacts.(Citation: Zscaler-SpyNote)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6b41d649-bcd0-4427-baa1-15a145bace6e", "type": "relationship", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", - "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.", - "source_name": "Kaspersky-Skygofree" + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" } ], - "modified": "2019-08-09T18:08:07.183Z", - "description": "[Skygofree](https://attack.mitre.org/software/S0327) can download executable code from the C2 server after the implant starts or after a specific command.(Citation: Kaspersky-Skygofree)", + "modified": "2019-08-09T17:56:05.642Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) downloads and executes root exploits from a remote server.(Citation: PaloAlto-SpyDealer)", "relationship_type": "uses", - "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -31452,19 +23978,23 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b", "type": "relationship", - "id": "relationship--1db350b2-1e8b-4d58-9086-eac41de1b110", - "created": "2022-04-05T17:13:56.584Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T17:13:56.584Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", - "x_mitre_attack_spec_version": "2.1.0", + "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2019-10-15T19:44:36.125Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collected and exfiltrated data from the device, including sensitive letters/documents, stored photos, and stored audio files.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -31472,24 +24002,99 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1", + "id": "relationship--40f30137-4db9-4596-b4c7-a12f1497fd92", + "created": "2020-11-10T17:08:35.831Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has performed rudimentary SSL certificate validation to verify C2 server authenticity before establishing a SSL connection.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-18T16:02:42.303Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e7af5be1-721f-40c5-b647-659243a0a14b", + "type": "relationship", + "created": "2020-04-08T15:41:19.321Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). 
Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." + } + ], + "modified": "2021-09-20T13:50:02.057Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can record phone calls and audio.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--58c857f8-4f40-48e0-b3ac-41944d82b576", + "created": "2020-12-24T22:04:27.991Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of contacts.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33", "created": "2017-12-14T16:46:06.044Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Lookout-BrainTest", - "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/", - "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016." + "source_name": "Lookout-EnterpriseApps", + "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/", + "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016." 
} ], "x_mitre_deprecated": false, "revoked": false, - "description": "[BrainTest](https://attack.mitre.org/software/S0293) uses root privileges (if available) to copy an additional Android app package (APK) to /system/priv-app to maintain persistence even after a factory reset.(Citation: Lookout-BrainTest)", - "modified": "2022-04-15T15:59:32.511Z", + "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects contact list information.(Citation: Lookout-EnterpriseApps)", + "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -31498,24 +24103,24 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f", - "created": "2020-10-29T19:01:13.839Z", + "id": "relationship--82f51cc6-6ce4-459e-b598-7b2b77983469", + "created": "2020-04-24T15:06:33.526Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Microsoft MalLockerB", - "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/", - "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020." + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) can prevent the user from interacting with the UI by using a carefully crafted \"call\" notification screen. This is coupled with overriding the `onUserLeaveHint()` callback method to spawn a new notification instance when the current one is dismissed. 
(Citation: Microsoft MalLockerB)", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect SMS messages.(Citation: TrendMicro Coronavirus Updates)", "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce", - "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -31542,6 +24147,101 @@ "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--33857221-2543-4a7f-8255-b0d140d70ad7", + "type": "relationship", + "created": "2020-07-20T13:27:33.461Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." + } + ], + "modified": "2020-08-10T21:57:54.686Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record call audio.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae", + "created": "2020-12-24T22:04:27.902Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has used HTTP POST requests for C2.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-20T17:35:38.895Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3", + "type": "relationship", + "created": "2020-09-11T14:54:16.615Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T14:54:16.615Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record videos.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0993769f-63fb-4720-bbcf-e6f37f71515e", + "type": "relationship", + "created": "2020-06-02T14:32:31.875Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Project Zero Insomnia", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", + "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." + } + ], + "modified": "2020-06-02T14:32:31.875Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s name, serial number, iOS version, total disk space, and free disk space.(Citation: Google Project Zero Insomnia) ", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -31573,40 +24273,47 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31", - "created": "2022-04-06T13:41:17.517Z", - "x_mitre_version": "0.1", + "id": "relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02", + "created": "2020-06-26T15:32:25.144Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CheckPoint Cerberus", + "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/", + "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020." + } + ], "x_mitre_deprecated": false, "revoked": false, - "description": "", - "modified": "2022-04-06T13:41:17.517Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb", - "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6", - "x_mitre_attack_spec_version": "2.1.0", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 server using HTTP.(Citation: CheckPoint Cerberus)", + "modified": "2022-04-19T20:12:22.454Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--95bf4e8b-f388-48a0-b236-c2077252e71e", + "id": "relationship--8b27a786-b4d9-4014-a249-3725442f9f1d", "type": "relationship", - "created": "2019-09-03T20:08:00.757Z", + "created": "2021-01-05T20:16:20.499Z", "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "source_name": "Talos Gustuff Apr 2019" + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." } ], - "modified": "2019-09-15T15:35:33.380Z", - "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers the device IMEI to send to the command and control server.(Citation: Talos Gustuff Apr 2019)", + "modified": "2021-01-05T20:16:20.499Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can obtain a list of installed applications.(Citation: Zscaler TikTok Spyware)", "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -31615,17 +24322,24 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea", - "created": "2019-10-18T14:52:53.193Z", + "id": "relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070", + "created": "2020-12-18T20:14:47.302Z", "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." + } + ], "x_mitre_deprecated": false, "revoked": false, - "description": "Device attestation could detect devices with unauthorized or unsafe modifications. ", - "modified": "2022-03-30T20:07:50.094Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used Firebase for C2 communication.(Citation: WhiteOps TERRACOTTA)", + "modified": "2022-04-18T19:18:56.475Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -31633,10 +24347,10 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--5977289e-d38f-4974-912b-2151fc00c850", "type": "relationship", - "created": "2020-11-20T16:37:28.524Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "id": "relationship--b0625604-e4c4-402b-b191-f43137d38d99", + "created": "2020-11-20T15:44:57.481Z", + "x_mitre_version": "1.0", "external_references": [ { "source_name": "Symantec GoldenCup", 
@@ -31644,63 +24358,14 @@ "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." } ], - "modified": "2020-11-20T16:37:28.524Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s phone number and IMSI.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3", - "created": "2020-07-15T20:20:59.287Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can disable Play Protect.(Citation: Bitdefender Mandrake)", - "modified": "2022-04-15T15:57:54.150Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--34351abd-1f58-420a-a893-ad822839815d", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) captures call logs.(Citation: Lookout-Pegasus)", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect sent and received SMS messages.(Citation: Symantec GoldenCup)", "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -31708,25 +24373,124 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--c374c9ce-ff30-4daa-bdec-8015a507746a", + "id": "relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15", + "type": "relationship", + "created": "2021-09-24T14:47:34.447Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2021-10-04T20:08:48.439Z", + "description": "Device attestation can often detect rooted devices.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa", "type": "relationship", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2018-10-17T00:14:20.652Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431", + "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56", + "created": "2017-10-25T14:48:53.738Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 9 introduced a new security policy that prevents applications from reading or writing data to other applications’ internal storage directories, regardless of permissions. 
", + "modified": "2022-04-01T13:51:48.934Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4", + "type": "relationship", + "created": "2021-10-01T14:42:48.815Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", - "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.", - "source_name": "Kaspersky-Skygofree" + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
} ], - "modified": "2019-08-09T18:08:07.145Z", - "description": "[Skygofree](https://attack.mitre.org/software/S0327) has a capability to obtain files from other installed applications.(Citation: Kaspersky-Skygofree)", + "modified": "2021-10-01T14:42:48.815Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can record from the device’s camera.(Citation: SecureList BusyGasper)", "relationship_type": "uses", - "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c", + "type": "relationship", + "created": "2019-12-10T16:07:41.078Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList DVMap June 2017", + "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", + "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
+ } + ], + "modified": "2019-12-10T16:07:41.078Z", + "description": "[Dvmap](https://attack.mitre.org/software/S0420) attempts to gain root access by using local exploits.(Citation: SecureList DVMap June 2017)", + "relationship_type": "uses", + "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ce645a25-160f-443d-b288-fdd108b78a06", + "created": "2020-09-11T16:22:03.269Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s call log.(Citation: Lookout ViperRAT)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -31754,118 +24518,49 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--1250f91c-723d-4b4c-afea-b3a71101951f", "type": "relationship", - "created": "2019-08-07T15:57:13.415Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Kaspersky Riltok June 2019", - "url": "https://securelist.com/mobile-banker-riltok/91374/", - "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." - } - ], - "modified": "2019-09-15T15:36:42.339Z", - "description": "[Riltok](https://attack.mitre.org/software/S0403) can query the device's IMEI.(Citation: Kaspersky Riltok June 2019)", - "relationship_type": "uses", - "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "id": "relationship--f92fe9dd-7296-42f6-904e-e245c438376e", + "created": "2020-12-14T15:02:35.291Z", "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15", - "type": "relationship", - "created": "2020-04-24T15:06:33.319Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T15:06:33.319Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect voice notes, device accounts, and gallery images.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081", - "type": "relationship", - "created": "2019-09-04T14:28:16.000Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-09-04T14:32:12.856Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can track the device's location.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ffc82546-f4da-4f47-88ec-b215edb1d695", - "type": "relationship", - "created": "2021-02-08T16:36:20.799Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": 
"https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." - } - ], - "modified": "2021-05-24T13:16:56.589Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included malware functionality capable of downloading new DEX files at runtime during Operation BULL.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--75770898-93a7-45e3-bdb2-03172004a88f", - "created": "2022-03-30T14:49:47.451Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Android-VerifiedBoot", - "url": "https://source.android.com/security/verifiedboot/", - "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016." + "source_name": "Securelist Asacub", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
} ], "x_mitre_deprecated": false, "revoked": false, - "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ", - "modified": "2022-03-30T14:49:47.451Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", - "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd", + "description": "[Asacub](https://attack.mitre.org/software/S0540) can request device administrator permissions.(Citation: Securelist Asacub)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9d264e84-27b2-4867-82c8-55486a969d7c", + "type": "relationship", + "created": "2020-12-17T20:15:22.489Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "modified": "2020-12-17T20:15:22.489Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running processes.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { @@ -31873,16 +24568,16 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791", - "created": "2022-03-30T19:33:17.520Z", + "id": "relationship--828417ec-c444-41c8-95b4-c339c5ecf62b", + "created": "2022-03-30T20:48:00.360Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.", - "modified": "2022-03-30T19:33:17.520Z", + "description": "iOS users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.", + "modified": "2022-03-30T20:48:00.360Z", "relationship_type": "mitigates", "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -31892,24 +24587,24 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--df036f55-f749-4dad-9473-d69535e0f98d", - "created": "2020-06-26T14:55:13.385Z", + "id": "relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b", + "created": "2020-07-15T20:20:59.307Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to record the screen PIN.(Citation: Cybereason EventBot)", - "modified": "2022-04-15T17:39:39.931Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used domain generation algorithms.(Citation: Bitdefender Mandrake)", + "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -31917,22 +24612,22 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--383e5b12-061e-45c6-911b-b37187dd9254", + "id": "relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8", "type": "relationship", - "created": "2021-02-08T16:36:20.701Z", + "created": "2019-09-04T15:38:56.994Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." + "source_name": "FlexiSpy-Features", + "url": "https://www.flexispy.com/en/features-overview.htm", + "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." } ], - "modified": "2021-05-24T13:16:56.399Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included file enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", + "modified": "2019-09-10T14:59:26.171Z", + "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can take screenshots of other applications.(Citation: FlexiSpy-Features) ", "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -31940,10 +24635,56 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea", "type": "relationship", - "id": "relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be", - "created": "2021-02-17T20:43:52.337Z", + "created": "2020-07-15T20:20:59.377Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + } + ], + "modified": "2020-07-15T20:20:59.377Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect all accounts stored on the device.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2e826926-fd5b-407c-adbc-e998058728d3", + "type": "relationship", + "created": "2019-09-04T15:38:56.786Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CyberMerchants-FlexiSpy", + "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", + "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." 
+ } + ], + "modified": "2019-09-10T14:59:26.139Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record both incoming and outgoing phone calls, as well as microphone audio.(Citation: CyberMerchants-FlexiSpy)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--db1201f0-f925-4c3c-8673-7524a8c20886", + "type": "relationship", + "created": "2021-02-17T20:43:52.274Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { "source_name": "Lookout FrozenCell", 
@@ -31951,75 +24692,11 @@ "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has read SMS messages for exfiltration.(Citation: Lookout FrozenCell)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2021-02-17T20:43:52.274Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has recorded calls.(Citation: Lookout FrozenCell)", "relationship_type": "uses", "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--cc81b56c-cf73-4307-b950-e80246985195", - "created": "2019-10-18T14:50:57.473Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "OS security updates typically contain exploit patches when disclosed.", - "modified": "2022-03-28T19:20:44.337Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--209aa948-393c-46b0-9488-ef93a6252438", - "created": "2022-03-30T20:07:19.296Z", - 
"x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T20:07:19.296Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b477afcb-7449-4fae-b4aa-c512c22d7500", - "type": "relationship", - "created": "2020-09-15T15:18:12.394Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." - } - ], - "modified": "2020-09-15T15:18:12.394Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can send SMS messages.(Citation: Cybereason FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -32027,332 +24704,49 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3", "type": "relationship", - "id": "relationship--36268322-9f5e-4749-8760-6430178a3d68", - "created": "2020-06-26T14:55:13.311Z", - "x_mitre_version": "1.0", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[EventBot](https://attack.mitre.org/software/S0478) can intercept SMS messages.(Citation: Cybereason EventBot)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2019-08-09T17:52:31.854Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses the list of installed applications.(Citation: Lookout-PegasusAndroid)", "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d1318f71-7f70-4820-a3fc-0d05af038733", - "created": 
"2021-10-01T14:42:49.154Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can perform actions when one of two hardcoded magic SMS strings is received.(Citation: SecureList BusyGasper)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631", - "type": "relationship", - "created": "2020-11-24T17:55:12.885Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
- } - ], - "modified": "2020-11-24T17:55:12.885Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) has used timers to enable Wi-Fi, ping the C2 server, register the device with the C2, and register wake locks on the system.(Citation: Talos GPlayed)", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3272111a-f31d-47d5-a266-1749255b5016", - "created": "2019-09-23T13:36:08.335Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Rotexy](https://attack.mitre.org/software/S0411) can be controlled through SMS messages.(Citation: securelist rotexy 2018)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7", - "created": "2022-03-31T19:53:01.320Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-31T19:53:01.320Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a92a805e-d5f5-4e94-8592-c253e03e4476", - "created": "2022-03-31T19:51:15.415Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Android Package Visibility", - "url": "https://developer.android.com/training/package-visibility", - "description": "Google. (n.d.). Package visibility filtering on Android. Retrieved April 11, 2022." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)", - "modified": "2022-04-11T19:19:34.658Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4", - "type": "relationship", - "created": "2020-04-08T15:41:19.340Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "modified": "2020-04-08T18:55:29.238Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can use its ransomware module to encrypt device data and hold it for ransom.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a1fac829-275a-409a-9060-e7bd7c63057e", - "type": "relationship", - "created": "2020-12-18T20:14:47.375Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." - } - ], - "modified": "2020-12-18T20:14:47.375Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can obtain a list of installed apps.(Citation: WhiteOps TERRACOTTA)", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "type": "relationship", + "id": "relationship--4cb926c1-c242-45c2-be46-07c22435a8a5", + "created": "2022-09-30T19:23:02.689Z", + "revoked": false, + "external_references": [ + { + "source_name": "Cylance Dust Storm", + "description": "Gross, J. (2016, February 23). Operation Dust Storm. 
Retrieved December 22, 2021.", + "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "type": "relationship", - "id": "relationship--0100020b-97d4-4657-bc71-c6a1774055a6", - "created": "2022-04-20T17:36:25.707Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has exfiltrated data via both SMTP and HTTP.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-20T17:36:25.707Z", + "modified": "2022-09-30T19:23:02.689Z", + "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors that would send information and data from a victim's mobile device to the C2 servers.(Citation: Cylance Dust Storm)", "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": 
"relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9", - "created": "2021-10-01T14:42:49.170Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." - } - ], "x_mitre_deprecated": false, - "revoked": false, - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can hide its icon.(Citation: SecureList BusyGasper)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0", - "created": "2019-09-04T20:01:42.722Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Enterprise policies should block access to the Android Debug Bridge (ADB) by preventing users from enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development). An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. 
", - "modified": "2022-04-01T13:32:19.919Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--da424f3f-8a93-4a66-858c-b33f587108e6", - "type": "relationship", - "created": "2020-10-29T17:48:27.225Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." - } - ], - "modified": "2020-10-29T17:48:27.225Z", - "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s country and carrier name.(Citation: Threat Fabric Exobot)", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f", - "type": "relationship", - "created": "2020-09-11T14:54:16.640Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). 
Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." - } - ], - "modified": "2020-09-11T14:54:16.640Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can encrypt exfiltrated data.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e", - "type": "relationship", - "created": "2020-01-14T17:47:08.826Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList DVMap June 2017", - "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", - "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." - } - ], - "modified": "2020-01-14T17:47:08.826Z", - "description": "[Dvmap](https://attack.mitre.org/software/S0420) checks the Android version to determine which system library to patch.(Citation: SecureList DVMap June 2017)", - "relationship_type": "uses", - "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -32386,41 +24780,51 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4", - "created": "2022-04-05T19:38:41.538Z", - "x_mitre_version": "0.1", + "id": "relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a", + "created": "2020-11-20T16:37:28.591Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." + } + ], "x_mitre_deprecated": false, "revoked": false, - "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. 
", - "modified": "2022-04-05T19:38:41.538Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", - "x_mitre_attack_spec_version": "2.1.0", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has communicated with the C2 using MQTT and HTTP.(Citation: Symantec GoldenCup)", + "modified": "2022-04-19T20:06:25.036Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac", "type": "relationship", - "created": "2020-01-27T17:05:58.237Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "id": "relationship--4f812a57-efdc-463b-bf37-baa4bca7502b", + "created": "2020-05-04T14:22:20.348Z", + "x_mitre_version": "1.0", "external_references": [ { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
} ], - "modified": "2020-01-27T17:05:58.237Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s battery level, network operator, connection information, sensor information, and information about the device’s storage and memory.(Citation: Trend Micro Bouncing Golf 2019)", + "x_mitre_deprecated": false, + "revoked": false, + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can uninstall itself from a device on command by abusing the accessibility service.(Citation: SecurityIntelligence TrickMo) ", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -32450,22 +24854,45 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--51b0a4fb-a308-4694-9437-95702a50ebd5", + "id": "relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b", "type": "relationship", - "created": "2020-09-11T16:22:03.231Z", + "created": "2020-09-14T14:13:45.259Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." + "source_name": "Lookout eSurv", + "url": "https://blog.lookout.com/esurv-research", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." } ], - "modified": "2020-09-11T16:22:03.231Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can take photos with the device camera.(Citation: Lookout ViperRAT)", + "modified": "2020-09-14T14:13:45.259Z", + "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate device pictures.(Citation: Lookout eSurv)", "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--806a9338-be20-4eef-aa54-067633ac0e58", + "type": "relationship", + "created": "2020-04-08T15:41:19.421Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." + } + ], + "modified": "2020-04-08T15:41:19.421Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the device’s GPS location.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -32474,28 +24901,253 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--049a5149-00c9-492a-8ffb-463f3d0cd910", - "created": "2022-03-30T20:13:28.442Z", - "x_mitre_version": "0.1", + "id": "relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc", + "created": "2021-10-01T14:42:49.174Z", + "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Android 10 Limitations to Hiding App Icons", - "url": "https://source.android.com/setup/start/android-10-release#limitations_to_hiding_app_icons", - "description": "Android. (n.d.). Android 10 Release Notes: Limitations to hiding app icons. Retrieved March 30, 2022." - }, - { - "source_name": "LauncherApps getActivityList", - "url": "https://developer.android.com/reference/kotlin/android/content/pm/LauncherApps#getactivitylist", - "description": "Android. (n.d.). LauncherApps: getActivityList. Retrieved March 30, 2022." + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
} ], "x_mitre_deprecated": false, "revoked": false, - "description": "Android 10 introduced changes to prevent malicious applications from fully suppressing their icon in the launcher.(Citation: Android 10 Limitations to Hiding App Icons)(Citation: LauncherApps getActivityList)", - "modified": "2022-05-20T17:16:08.998Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can abuse existing root access to copy components into the system partition.(Citation: SecureList BusyGasper)", + "modified": "2022-04-15T15:52:38.253Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b", + "type": "relationship", + "created": "2020-12-17T20:15:22.397Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "modified": "2020-12-17T20:15:22.397Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can steal data from various sources, including chat, communication, and social media apps.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses contact list information.(Citation: Lookout-PegasusAndroid)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31", + "created": "2022-09-29T20:11:55.474Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Cylance Dust Storm", + "description": "Gross, J. 
(2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.", + "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2022-09-30T18:39:16.003Z", + "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of enumerating specific files on the infected devices.(Citation: Cylance Dust Storm)", + "relationship_type": "uses", + "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3", + "created": "2020-04-08T15:41:19.404Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Anubis](https://attack.mitre.org/software/S0422) can steal the device’s contact list.(Citation: Cofense Anubis) ", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc", + "created": "2022-04-01T13:18:40.460Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Contact list access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their contact list. 
", + "modified": "2022-04-01T13:18:40.460Z", "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2", + "created": "2020-07-27T14:14:57.020Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Security Zen", + "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", + "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Zen](https://attack.mitre.org/software/S0494) can modify the SELinux enforcement mode.(Citation: Google Security Zen)", + "modified": "2022-04-15T15:53:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--35a12ae8-562d-4e24-979e-ef970dde0b94", + "created": "2022-04-15T17:52:24.125Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-15T17:52:24.125Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3f392718-87c4-483b-b89f-4f0cc056d251", + "type": "relationship", + "created": "2020-07-20T13:58:53.610Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-XLoader-FakeSpy", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", + "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). 
XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." + } + ], + "modified": "2020-09-24T15:12:24.302Z", + "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s UDID, version number, and product number.(Citation: TrendMicro-XLoader-FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0", + "type": "relationship", + "created": "2019-09-15T15:32:17.563Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2020-07-09T14:07:02.315Z", + "description": "Application developers could be encouraged to avoid placing sensitive data in notification text.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--57293fc9-8838-4acd-a16f-48f516d0921e", + "created": "2020-04-08T15:51:25.122Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "ThreatFabric Ginp", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Ginp](https://attack.mitre.org/software/S0423) hides its icon after installation.(Citation: ThreatFabric Ginp)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -32504,25 +25156,71 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--873b98de-d7cf-471b-9aa2-229eb03c9165", + "type": "relationship", + "created": "2020-09-15T15:18:12.459Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." + } + ], + "modified": "2020-09-15T15:18:12.459Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device information, including OS version and device model.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--92129d5b-7822-4e84-8a69-f96b598fba9e", "type": "relationship", - "id": "relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea", "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" + } + ], + "modified": "2019-10-10T15:27:22.175Z", + "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses databases from WhatsApp, Viber, Skype, and Line.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--83d95d05-7545-4295-894b-f33a2ba1063b", + "created": "2020-12-17T20:15:22.492Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "HackerNews-Allwinner", - "url": "https://thehackernews.com/2016/05/android-kernal-exploit.html", - "description": "Mohit Kumar. (2016, May 11). Kernel Backdoor found in Gadgets Powered by Popular Chinese ARM Maker. Retrieved September 18, 2018." + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "A Linux kernel distributed by [Allwinner](https://attack.mitre.org/software/S0319) reportedly contained an simple backdoor that could be used to obtain root access. 
It was believed to have been left in the kernel by mistake by the authors.(Citation: HackerNews-Allwinner)", - "modified": "2022-04-15T15:16:35.892Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) has registered several broadcast receivers.(Citation: Palo Alto HenBox)", + "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--08784a9d-09e9-4dce-a839-9612398214e8", - "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -32530,22 +25228,22 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965", + "id": "relationship--670a0995-a789-4674-9e91-c74316cdef90", "type": "relationship", - "created": "2020-04-08T15:51:25.106Z", + "created": "2020-09-11T14:54:16.621Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "ThreatFabric Ginp", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." } ], - "modified": "2020-04-08T15:51:25.106Z", - "description": "[Ginp](https://attack.mitre.org/software/S0423) can obtain a list of installed applications.(Citation: ThreatFabric Ginp)", + "modified": "2020-09-11T14:54:16.621Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record audio from phone calls and the device microphone.(Citation: Lookout Desert Scorpion)", "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -32553,47 +25251,21 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1", "type": "relationship", - "id": "relationship--08c81253-975c-4780-8e85-c72bc6a90c88", - "created": "2020-10-29T19:21:23.225Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "WeLiveSecurity AdDisplayAshas", - "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", - "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can generate revenue by automatically displaying ads.(Citation: WeLiveSecurity AdDisplayAshas)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c", - "type": "relationship", - "created": "2020-01-27T17:05:58.273Z", + "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" + "source_name": "Zscaler-SpyNote", + "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.", + "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" } ], - "modified": "2020-01-27T17:05:58.273Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record audio and phone calls.(Citation: Trend Micro Bouncing Golf 2019)", + "modified": "2019-10-10T15:24:09.355Z", + "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can activate the victim's microphone.(Citation: Zscaler-SpyNote)", "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -32603,24 +25275,24 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6", - "created": "2018-10-17T00:14:20.652Z", + "id": "relationship--17e94f34-e367-491c-9f9f-79294e124b4f", + "created": "2020-12-17T20:15:22.501Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Proofpoint-Marcher", - "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks", - "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018." + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Marcher](https://attack.mitre.org/software/S0317) attempts to overlay itself on top of legitimate banking apps in an effort to capture user credentials. 
[Marcher](https://attack.mitre.org/software/S0317) also attempts to overlay itself on top of legitimate apps such as the Google Play Store in an effort to capture user credit card information.(Citation: Proofpoint-Marcher)", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can intercept SMS messages.(Citation: Palo Alto HenBox)", "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -32629,195 +25301,8 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6", - "created": "2022-04-05T19:54:12.660Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T19:54:12.660Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5", - "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--12d61e7d-7fa6-422d-9817-901decf6b650", - "created": "2019-07-10T15:35:43.663Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pallas](https://attack.mitre.org/software/S0399) uses phishing popups to harvest user credentials.(Citation: Lookout Dark Caracal Jan 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c41d817e-913e-4574-b8d4-370de9f0034b", - "created": "2019-11-18T14:47:25.327Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Triada June 2019", - "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", - "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." - }, - { - "source_name": "Kaspersky Triada March 2016", - "url": "https://www.kaspersky.com/blog/triada-trojan/11481/", - "description": "Snow, J. (2016, March 3). Triada: organized crime on Android. Retrieved July 16, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Triada](https://attack.mitre.org/software/S0424) injects code into the Zygote process to effectively include itself in all forked processes. 
Additionally, code is injected into the Android Play Store App, web browser applications, and the system UI application.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada March 2016)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", - "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819", - "type": "relationship", - "created": "2019-08-07T15:57:13.412Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Kaspersky Riltok June 2019", - "url": "https://securelist.com/mobile-banker-riltok/91374/", - "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." - } - ], - "modified": "2019-09-15T15:36:42.312Z", - "description": "[Riltok](https://attack.mitre.org/software/S0403) can retrieve a list of installed applications. 
Installed application names are then checked against an adversary-defined list of targeted applications.(Citation: Kaspersky Riltok June 2019)", - "relationship_type": "uses", - "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8", - "type": "relationship", - "created": "2020-09-24T15:34:51.433Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Dendroid", - "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.", - "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" - } - ], - "modified": "2020-09-24T15:34:51.433Z", - "description": "[Dendroid](https://attack.mitre.org/software/S0301) can record audio and outgoing calls.(Citation: Lookout-Dendroid)", - "relationship_type": "uses", - "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920", - "created": "2022-04-05T19:46:22.326Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.", - "modified": 
"2022-04-05T19:46:22.326Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4", - "type": "relationship", - "created": "2020-04-08T15:51:25.157Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "ThreatFabric Ginp", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." - } - ], - "modified": "2020-04-08T15:51:25.157Z", - "description": "[Ginp](https://attack.mitre.org/software/S0423) can capture device screenshots and stream them back to the C2.(Citation: ThreatFabric Ginp)", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f6a451e8-2125-4bbe-be52-e682523cd169", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). 
SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" - } - ], - "modified": "2019-10-15T19:37:21.273Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests the device phone number, IMEI, and IMSI.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527", - "created": "2019-09-04T14:28:16.335Z", + "id": "relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898", + "created": "2019-09-04T14:28:16.414Z", "x_mitre_version": "1.0", "external_references": [ { @@ -32828,12 +25313,12 @@ ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve nearby cell tower and Wi-Fi network information.(Citation: Lookout-Monokle)", - "modified": "2022-04-19T14:25:41.669Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve call history.(Citation: Lookout-Monokle)", + "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
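Review bot: The removed object `relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6` is a `"relationship_type": "revoked-by"` link from `attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5` to `attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7`, and nothing in this hunk shows it being re-added. Consumers that resolve a revoked technique to its replacement follow this relationship, so if it is dropped rather than moved, detections and mitigations keyed to the old technique id stop redirecting. The hunk at -32841 removes a second one, `relationship--cea30219-a255-43ae-b731-9512c5044523`. The hunks pair unrelated objects by position, so the diff alone cannot tell a move from a deletion; comparing the set of `id` values of `revoked-by` relationships between the two bundle versions before merging would settle it.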
@@ -32841,28 +25326,9 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0", "type": "relationship", - "id": "relationship--cea30219-a255-43ae-b731-9512c5044523", - "created": "2022-04-18T19:46:02.547Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-18T19:46:02.547Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0", - "type": "relationship", - "created": "2020-12-24T22:04:27.997Z", + "created": "2020-12-24T21:55:56.692Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { 
@@ -32871,10 +25337,33 @@ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." } ], - "modified": "2020-12-24T22:04:27.997Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has tracked location.(Citation: Lookout Uyghur Campaign)", + "modified": "2020-12-24T21:55:56.692Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has searched for specific existing data directories, including the Gmail app, Dropbox app, Pictures, and thumbnails.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--98b14660-79e1-4244-99c2-3dedd84eb68d", + "type": "relationship", + "created": "2020-09-11T14:54:16.582Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T14:54:16.582Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can track the device’s location.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -32883,21 +25372,86 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--cacc0b72-9d73-4381-90e9-545ba908722c", + "id": "relationship--27247071-356b-4b5f-bc8f-6436a3fec095", "type": "relationship", - "created": "2019-09-15T15:35:33.215Z", + "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "source_name": "Talos Gustuff Apr 2019" + "source_name": "Lookout-EnterpriseApps", + "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.", + "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" } ], - "modified": "2019-09-15T15:35:33.215Z", - "description": "[Gustuff](https://attack.mitre.org/software/S0406) injects the global action `GLOBAL_ACTION_BACK` to mimic pressing the back button to close the application if a call to an open antivirus application is detected.(Citation: Talos Gustuff Apr 2019)", + "modified": "2018-10-17T00:14:20.652Z", + "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to collect and leak the victim's location.(Citation: Lookout-EnterpriseApps)", "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e", + "type": "relationship", + "created": 
"2020-07-15T20:20:59.382Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + } + ], + "modified": "2020-07-15T20:20:59.382Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) has communicated with the C2 server over TCP port 7777.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415", + "created": "2022-03-30T14:50:07.291Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Device attestation could detect unauthorized operating system modifications.", + "modified": "2022-03-30T14:50:07.291Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": 
"relationship--4761145d-34ac-4b45-a0d6-a09b1907a196", + "type": "relationship", + "created": "2020-12-18T20:14:47.367Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." + } + ], + "modified": "2020-12-18T20:14:47.367Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can inject clicks to launch applications, share posts on social media, and interact with WebViews to perform fraudulent actions.(Citation: WhiteOps TERRACOTTA)", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
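Review bot: The added `Bitdefender Mandrake` reference has a doubled period in its citation text, `et al.. (2020, May 14)`; it should read `et al. (2020, May 14)`. The same string is added again in the hunk at -32932. If this bundle is generated from an upstream source, the correction belongs there, since a local edit would presumably be overwritten at the next regeneration.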
@@ -32906,25 +25460,48 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--07dd3318-2965-4085-be64-a8e956c7b8da", "type": "relationship", - "id": "relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb", - "created": "2020-09-15T15:18:12.466Z", + "created": "2020-12-18T20:14:47.319Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." + } + ], + "modified": "2020-12-18T20:14:47.319Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has stored encoded strings.(Citation: WhiteOps TERRACOTTA)", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1", + "created": "2019-07-10T15:35:43.661Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." + "source_name": "Lookout Dark Caracal Jan 2018", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). 
Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) exfiltrates data using HTTP requests.(Citation: Cybereason FakeSpy)", - "modified": "2022-04-19T20:23:15.470Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) captures and exfiltrates all SMS messages, including future messages as they are received.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -32932,27 +25509,94 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6", "type": "relationship", - "created": "2019-11-21T16:42:48.501Z", + "id": "relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd", + "created": "2020-07-15T20:20:59.289Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can evade automated analysis environments by requiring a CAPTCHA on launch that will prevent the application from running if not passed. It also checks for indications that it is running in an emulator.(Citation: Bitdefender Mandrake)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7", + "type": "relationship", + "created": "2019-08-07T15:57:13.388Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "description": "GReAT. (2019, June 26). 
ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "source_name": "SecureList - ViceLeaker 2019" - }, - { - "source_name": "Bitdefender - Triout 2018", - "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", - "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." + "source_name": "Kaspersky Riltok June 2019", + "url": "https://securelist.com/mobile-banker-riltok/91374/", + "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." } ], - "modified": "2020-01-21T14:20:50.492Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect location information, including GPS coordinates.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", + "modified": "2019-09-18T13:44:13.453Z", + "description": "[Riltok](https://attack.mitre.org/software/S0403) injects input to set itself as the default SMS handler by clicking the appropriate places on the screen. 
It can also close or minimize targeted antivirus applications and the device security settings screen.(Citation: Kaspersky Riltok June 2019)", "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0", + "type": "relationship", + "created": "2020-12-24T21:55:56.686Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T21:55:56.686Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed common system information.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e", + "type": "relationship", + "created": "2021-01-05T20:16:20.512Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." + } + ], + "modified": "2021-01-05T20:16:20.512Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can check the device’s battery status.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -32987,136 +25631,94 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef", - "created": "2022-04-05T20:14:17.442Z", + "id": "relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024", + "created": "2022-04-15T18:11:06.097Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Skycure-Profiles", + "url": "https://www.skycure.com/blog/malicious-profiles-the-sleeping-giant-of-ios-security/", + "description": "Yair Amit. (2013, March 12). Malicious Profiles - The Sleeping Giant of iOS Security. Retrieved December 22, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288/) samples hook SSLRead and SSLWrite functions in the itunesstored process to intercept device communication with the Apple App Store.(Citation: Skycure-Profiles)", + "modified": "2022-04-15T18:11:06.097Z", + "relationship_type": "uses", + "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa", + "created": "2020-11-10T17:08:35.761Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has deleted call log entries coming from known C2 sources.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8f2929a9-cd25-4e07-b402-447da68aaa56", + "created": "2020-04-24T15:06:33.455Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)", + "modified": "2022-04-20T17:30:39.449Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d", + "created": "2022-04-01T17:06:06.950Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "", - "modified": "2022-04-05T20:14:17.442Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", - "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--68e5789c-9f60-421e-9c79-fae207a29e83", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky-WUC", - "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/", - "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole SMS message content.(Citation: Kaspersky-WUC)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--eb052029-e1c9-4f24-8594-299aaec7f1df", - "created": "2020-12-14T14:52:03.351Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s call log.(Citation: Sophos Red Alert 2.0)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b", - "created": "2020-04-08T15:51:25.128Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "ThreatFabric Ginp", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Ginp](https://attack.mitre.org/software/S0423) can collect SMS messages.(Citation: ThreatFabric Ginp)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--146275c0-b6dd-4700-bded-bc361a67d023", - "type": "relationship", - "created": "2020-09-14T14:13:45.253Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout eSurv", - "url": "https://blog.lookout.com/esurv-research", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-14T14:13:45.253Z", - "description": "[eSurv](https://attack.mitre.org/software/S0507) can record audio.(Citation: Lookout eSurv)", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b8606318-8c12-4381-ba33-5b2321772ea0", - "created": "2022-03-30T20:31:57.183Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be advised to be extra scrutinous of applications that request location or sensitive phone information permissions, and to deny any permissions requests for applications they do not recognize.", - "modified": "2022-03-30T20:31:57.183Z", + "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to location information. Users should also protect their account credentials and enable multi-factor authentication options when available. ", + "modified": "2022-04-01T17:06:06.950Z", "relationship_type": "mitigates", "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
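Review bot: The added object `relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024` says KeyRaider hooks SSLRead and SSLWrite in the `itunesstored` process, but its only reference is `Skycure-Profiles`, a March 2013 article titled "Malicious Profiles - The Sleeping Giant of iOS Security". Going by that title and date, the source is about malicious iOS configuration profiles and probably does not describe KeyRaider, so the `external_references` entry and the `(Citation: Skycure-Profiles)` marker look copied from another object. Anyone tracing a detection or mitigation for `attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13` back to evidence would land on an unrelated report. Check the cited page and replace both the reference and the citation marker with the report that documents this hooking behaviour.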
@@ -33125,33 +25727,10 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5", "type": "relationship", - "created": "2019-09-03T19:45:48.501Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." - } - ], - "modified": "2019-10-14T16:47:53.197Z", - "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can record audio from the compromised device's microphone and can record call audio in 3GP format.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "id": "relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2", + "created": "2019-09-04T14:28:15.482Z", "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d", - "type": "relationship", - "created": "2020-01-21T15:30:39.335Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { "source_name": "Lookout-Monokle", 
@@ -33159,11 +25738,105 @@ "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." } ], - "modified": "2020-01-21T15:30:39.335Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can download attacker-specified files.(Citation: Lookout-Monokle) ", + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Monokle](https://attack.mitre.org/software/S0407) can reset the user's password/PIN.(Citation: Lookout-Monokle)", + "modified": "2022-04-15T16:38:09.953Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CheckPoint-Judy", + "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. 
Retrieved September 18, 2018.", + "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Judy](https://attack.mitre.org/software/S0325) bypasses Google Play's protections by downloading a malicious payload at runtime after installation.(Citation: CheckPoint-Judy)", + "relationship_type": "uses", + "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6d2c7743-fc75-4524-b217-13867ca1dd10", + "created": "2019-09-03T20:08:00.649Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos Gustuff Apr 2019", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": " [Gustuff](https://attack.mitre.org/software/S0406) can collect the contact list.(Citation: Talos Gustuff Apr 2019) ", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd", + "created": "2022-04-01T15:03:02.553Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T15:03:02.553Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", + "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--14474366-938a-4359-bf24-e2c718adfaf5", + "type": "relationship", + "created": "2020-06-26T14:55:13.382Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T14:55:13.382Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) can download new libraries when instructed to.(Citation: Cybereason EventBot)", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -33197,18 +25870,79 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--3498d304-48e3-4fe4-a3ab-fc261104f413", "type": "relationship", - "id": "relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c", - "created": "2022-04-01T16:51:20.688Z", - "x_mitre_version": "0.1", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2019-08-09T17:59:49.094Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record audio using the device microphone.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7", + "created": "2020-11-24T17:55:12.889Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." + } + ], "x_mitre_deprecated": false, "revoked": false, - "description": "Users should scrutinize every device administration permission request. 
If the request is not expected or the user does not recognize the application, the application should be uninstalled immediately.", - "modified": "2022-04-01T16:51:20.688Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request device administrator permissions.(Citation: Talos GPlayed)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--29357289-362c-447c-b387-9a38b50d7296", + "created": "2022-04-15T17:20:06.338Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Google Bread", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", + "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." + }, + { + "source_name": "Check Point-Joker", + "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/", + "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Bread](https://attack.mitre.org/software/S0432) uses various tricks to obfuscate its strings including standard and custom encryption, programmatically building strings at runtime, and splitting unencrypted strings with repeated delimiters to break up keywords. [Bread](https://attack.mitre.org/software/S0432) has also abused Java and JavaScript features to obfuscate code. [Bread](https://attack.mitre.org/software/S0432) payloads have hidden code in native libraries and encrypted JAR files in the data section of an ELF file. [Bread](https://attack.mitre.org/software/S0432) has stored DEX payloads as base64-encoded strings in the Android manifest and internal Java classes.(Citation: Check Point-Joker)(Citation: Google Bread)", + "modified": "2022-04-15T17:20:06.338Z", + "relationship_type": "uses", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -33216,25 +25950,1033 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--e29d91f0-ebee-481d-9344-702c90775109", + "id": "relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9", "type": "relationship", - "created": "2020-05-07T15:33:32.928Z", + "created": "2020-09-11T14:54:16.548Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "CheckPoint Agent Smith", - "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", - "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
} ], - "modified": "2020-05-07T15:33:32.928Z", - "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can inject fraudulent ad modules into existing applications on a device.(Citation: CheckPoint Agent Smith)", + "modified": "2020-09-11T14:54:16.548Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can obtain a list of installed applications.(Citation: Lookout Desert Scorpion)", "relationship_type": "uses", - "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4009ff40-4616-4b1c-bff9-599e52ccab37", + "created": "2020-01-27T17:05:58.263Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Trend Micro Bouncing Golf 2019", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s contact list.(Citation: Trend Micro Bouncing Golf 2019)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e", + "created": "2020-01-27T17:05:58.335Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Trend Micro Bouncing Golf 2019", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) registers for the `USER_PRESENT` broadcast intent and uses it as a trigger to take photos with the front-facing camera.(Citation: Trend Micro Bouncing Golf 2019)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42", + "type": "relationship", + "created": "2021-10-01T14:42:48.913Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "modified": "2021-10-06T15:32:46.477Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can use its keylogger module to take screenshots of the area of the screen that the user tapped.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e35b013b-89e8-41b3-a518-7737234ab71b", + "type": "relationship", + "created": "2020-01-27T17:05:58.312Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:05:58.312Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can take screenshots.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25", + "type": "relationship", + "created": "2020-09-11T15:55:43.774Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": 
"https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2020-09-11T15:55:43.774Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) deletes incoming SMS messages from specified numbers, including those that contain particular strings.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8d027310-93a0-4046-b7ad-d1f461f30838", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", + "source_name": "TrendMicro-RCSAndroid" + } + ], + "modified": "2019-08-09T17:53:48.783Z", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) has the ability to dynamically download and execute new code at runtime.(Citation: TrendMicro-RCSAndroid)", + "relationship_type": "uses", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9", + "created": "2019-09-04T14:28:15.316Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Monokle", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": " [Monokle](https://attack.mitre.org/software/S0407) can remount the system partition as read/write to install attacker-specified certificates.(Citation: Lookout-Monokle) ", + "modified": "2022-04-15T16:02:44.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1", + "created": "2021-10-01T14:42:49.176Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect every user screen tap and compare the input to a hardcoded list of coordinates to translate the input to a character.(Citation: SecureList BusyGasper)", + "modified": "2022-04-15T17:33:49.565Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1348c744-3127-4a55-a5b4-2f439f41e941", + "created": "2020-07-27T14:14:56.994Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Security Zen", + "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", + "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Zen](https://attack.mitre.org/software/S0494) can install itself on the system partition to achieve persistence. 
[Zen](https://attack.mitre.org/software/S0494) can also replace `framework.jar`, which allows it to intercept and modify the behavior of the standard Android API.(Citation: Google Security Zen)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad", + "created": "2022-04-05T19:45:03.117Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T19:45:03.117Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0cae6859-d7d1-483b-b473-4f32084938a9", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + } + ], + "modified": "2019-08-09T17:52:31.818Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to record device audio.(Citation: Lookout-PegasusAndroid)", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4454a696-7619-40ee-971b-cbf646e4ee61", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-EnterpriseApps", + "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/", + "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to send messages to premium SMS messages.(Citation: Lookout-EnterpriseApps)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52", + "created": "2019-09-23T13:36:08.459Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Rotexy](https://attack.mitre.org/software/S0411) can use phishing overlays to capture users' credit card information.(Citation: securelist rotexy 2018)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5aa167b8-4166-440b-b49f-bf1bab597237", + "created": "2019-11-21T16:42:48.441Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect the device’s call log.(Citation: SecureList - ViceLeaker 2019)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c", + "type": "relationship", + "created": "2020-12-18T20:14:47.371Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
+ } + ], + "modified": "2020-12-18T21:00:05.246Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can send SMS messages.(Citation: WhiteOps TERRACOTTA)", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb", + "type": "relationship", + "created": "2020-12-18T20:14:47.412Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
+ } + ], + "modified": "2020-12-18T20:14:47.412Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has included native modules.(Citation: WhiteOps TERRACOTTA)", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0a737289-c62d-4c0a-a857-6d116f774864", + "type": "relationship", + "created": "2020-06-26T15:12:40.077Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "ESET DEFENSOR ID", + "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", + "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T15:12:40.077Z", + "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to read any text displayed on the screen.(Citation: ESET DEFENSOR ID)", + "relationship_type": "uses", + "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a", + "created": "2020-10-29T19:21:23.143Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "WeLiveSecurity AdDisplayAshas", + "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", + "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has registered to receive the `BOOT_COMPLETED` broadcast intent to activate on device startup.(Citation: WeLiveSecurity AdDisplayAshas)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--212801c2-5d14-4381-b25a-340cda11a5ac", + "created": "2020-12-18T20:14:47.310Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has displayed a form to collect user data after installation.(Citation: WhiteOps TERRACOTTA)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--82f12052-783e-40e4-8079-d9c030c310fd", + "created": "2022-03-30T20:08:40.223Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android and iOS include system partition integrity mechanisms that could detect unauthorized modifications. ", + "modified": "2022-03-30T20:08:40.223Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", + "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb", + "created": "2020-09-15T15:18:12.466Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). 
FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) exfiltrates data using HTTP requests.(Citation: Cybereason FakeSpy)", + "modified": "2022-04-19T20:23:15.470Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2", + "created": "2019-09-03T20:08:00.704Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos Gustuff Apr 2019", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Gustuff](https://attack.mitre.org/software/S0406) code is both obfuscated and packed with an FTT packer.(Citation: Talos Gustuff Apr 2019)", + "modified": "2022-04-15T17:18:58.074Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76", + "created": "2020-12-17T20:15:22.441Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[HenBox](https://attack.mitre.org/software/S0544) has collected all outgoing phone numbers that start with “86”.(Citation: Palo Alto HenBox)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-BrainTest", + "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. 
Retrieved December 21, 2016.", + "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "Some original variants of [BrainTest](https://attack.mitre.org/software/S0293) had the capability to automatically root some devices, but that behavior was not observed in later samples.(Citation: Lookout-BrainTest)", + "relationship_type": "uses", + "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37", + "type": "relationship", + "created": "2020-05-07T15:24:49.583Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2020-05-27T13:23:34.544Z", + "description": "Many vulnerabilities related to injecting code into existing applications have been patched in previous Android releases.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7db33293-6971-4c0d-88e0-18f505ebd943", + "created": "2022-04-05T20:11:51.188Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Recent OS versions have made it more difficult for applications to register as VPN providers. 
", + "modified": "2022-04-05T20:11:51.188Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--14143e21-51bf-4fa7-a949-d22a8271f590", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.", + "source_name": "TrendMicro-RCSAndroid" + } + ], + "modified": "2019-08-09T17:53:48.780Z", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record audio using the device microphone.(Citation: TrendMicro-RCSAndroid)", + "relationship_type": "uses", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-EnterpriseApps", + "description": "Lookout. (2016, May 25). 
5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.", + "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to collect and leak the victim's phone number, mobile device unique identifier (IMEI).(Citation: Lookout-EnterpriseApps)", + "relationship_type": "uses", + "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e5e4567e-05a3-4d79-beab-191efc336473", + "type": "relationship", + "created": "2020-01-27T17:05:58.333Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-03-26T20:50:07.266Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encrypts data using a simple XOR operation with a pre-configured key prior to exfiltration.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "PaloAlto-SpyDealer", + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) maintains persistence by installing an Android application package (APK) on the system partition.(Citation: PaloAlto-SpyDealer)", + "modified": "2022-04-15T16:02:14.739Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901", + "type": "relationship", + "created": "2020-04-24T17:46:31.607Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T17:46:31.607Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) contains obfuscated function, class, and variable names, and encrypts its shared preferences using Java’s `PBEWithMD5AndDES` algorithm.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--66132260-65d1-4bf5-8200-abdb2014be6f", + "created": "2020-09-15T15:18:12.465Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can detect if it is running in an emulator and adjust its behavior accordingly.(Citation: Cybereason FakeSpy)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962", + "created": "2022-03-30T19:54:07.548Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Device attestation could detect devices with unauthorized or unsafe modifications. ", + "modified": "2022-03-30T19:54:07.548Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1", + "created": "2020-06-26T15:32:25.002Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). 
Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can record keystrokes.(Citation: Threat Fabric Cerberus)", + "modified": "2022-04-15T17:33:17.868Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--de45db46-2251-4a29-b4d7-3fcf679e9484", + "created": "2019-09-04T15:38:56.877Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CyberMerchants-FlexiSpy", + "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", + "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." + }, + { + "source_name": "FlexiSpy-Features", + "url": "https://www.flexispy.com/en/features-overview.htm", + "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can intercept SMS and MMS messages as well as monitor messages for keywords.(Citation: CyberMerchants-FlexiSpy)(Citation: FlexiSpy-Features)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--da424f3f-8a93-4a66-858c-b33f587108e6", + "type": "relationship", + "created": "2020-10-29T17:48:27.225Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-10-29T17:48:27.225Z", + "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s country and carrier name.(Citation: Threat Fabric Exobot)", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5", + "type": "relationship", + "created": "2019-09-03T19:45:48.501Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-10-14T16:47:53.197Z", + "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can record audio from the compromised device's microphone and can record call audio in 3GP format.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--34f9aed0-48a7-4815-8456-5541a7b8210f", + "created": "2019-09-04T14:28:16.487Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Monokle", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Monokle](https://attack.mitre.org/software/S0407) can record the user's keystrokes.(Citation: Lookout-Monokle)", + "modified": "2022-04-15T17:34:52.414Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cacc0b72-9d73-4381-90e9-545ba908722c", + "type": "relationship", + "created": "2019-09-15T15:35:33.215Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . 
Retrieved September 3, 2019.", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "source_name": "Talos Gustuff Apr 2019" + } + ], + "modified": "2019-09-15T15:35:33.215Z", + "description": "[Gustuff](https://attack.mitre.org/software/S0406) injects the global action `GLOBAL_ACTION_BACK` to mimic pressing the back button to close the application if a call to an open antivirus application is detected.(Citation: Talos Gustuff Apr 2019)", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19", + "type": "relationship", + "created": "2021-02-17T20:43:52.381Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
+ } + ], + "modified": "2021-02-17T20:43:52.381Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has retrieved account information for other applications.(Citation: Lookout FrozenCell)", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b", + "created": "2019-12-10T16:07:41.081Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecureList DVMap June 2017", + "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", + "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Dvmap](https://attack.mitre.org/software/S0420) replaces `/system/bin/ip` with a malicious version. [Dvmap](https://attack.mitre.org/software/S0420) can inject code by patching `libdmv.so` or `libandroid_runtime.so`, depending on the Android OS version. Both libraries are related to the Dalvik and ART runtime environments. 
The patched functions can only call `/system/bin/ip`, which was replaced with the malicious version.(Citation: SecureList DVMap June 2017)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", + "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ed3293cf-de4f-4a73-98af-24325e8187c9", + "created": "2020-04-24T17:46:31.598Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can detect if it is running on a rooted device or an emulator.(Citation: SecurityIntelligence TrickMo)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -33271,24 +27013,29 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f", - "created": "2020-06-26T15:12:40.100Z", - "x_mitre_version": "1.0", + "id": "relationship--049a5149-00c9-492a-8ffb-463f3d0cd910", + "created": "2022-03-30T20:13:28.442Z", + "x_mitre_version": "0.1", "external_references": [ { - "source_name": "ESET DEFENSOR ID", - "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", - "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." + "source_name": "Android 10 Limitations to Hiding App Icons", + "url": "https://source.android.com/setup/start/android-10-release#limitations_to_hiding_app_icons", + "description": "Android. (n.d.). Android 10 Release Notes: Limitations to hiding app icons. Retrieved March 30, 2022." + }, + { + "source_name": "LauncherApps getActivityList", + "url": "https://developer.android.com/reference/kotlin/android/content/pm/LauncherApps#getactivitylist", + "description": "Android. (n.d.). LauncherApps: getActivityList. Retrieved March 30, 2022." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) abuses the accessibility service to auto-start the malware on device boot. 
This is accomplished by receiving the `android.accessibilityservice.AccessibilityService` intent.(Citation: ESET DEFENSOR ID)", - "modified": "2022-04-12T10:01:44.682Z", + "description": "Android 10 introduced changes to prevent malicious applications from fully suppressing their icon in the launcher.(Citation: Android 10 Limitations to Hiding App Icons)(Citation: LauncherApps getActivityList)", + "modified": "2022-05-20T17:16:08.998Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -33296,33 +27043,7 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "type": "relationship", - "id": "relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d", - "created": "2020-05-04T14:04:56.179Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Bread", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Bread](https://attack.mitre.org/software/S0432) payloads have used several commercially available packers.(Citation: Google Bread)", - "modified": "2022-04-15T17:20:54.552Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041", + "id": "relationship--7accde36-cb29-43c6-8c66-6486efd867a8", "type": "relationship", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", 
@@ -33333,14 +27054,482 @@ "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" } ], - "modified": "2019-10-10T15:27:22.174Z", - "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather cellular IDs.(Citation: Lookout-StealthMango)", + "modified": "2019-10-10T15:27:22.157Z", + "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather GPS coordinates.(Citation: Lookout-StealthMango)", "relationship_type": "uses", "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Proofpoint-Marcher", + "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks", + "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Marcher](https://attack.mitre.org/software/S0317) attempts to overlay itself on top of legitimate banking apps in an effort to capture user credentials. 
[Marcher](https://attack.mitre.org/software/S0317) also attempts to overlay itself on top of legitimate apps such as the Google Play Store in an effort to capture user credit card information.(Citation: Proofpoint-Marcher)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--44b63426-1ea7-456e-907b-0856e3eab0c3", + "type": "relationship", + "created": "2020-12-31T18:25:05.142Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
+ } + ], + "modified": "2020-12-31T18:25:05.142Z", + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has collected the device’s location.(Citation: CYBERWARCON CHEMISTGAMES)", + "relationship_type": "uses", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) was distributed through a web site by exploiting vulnerabilities in the Safari web browser on iOS devices.(Citation: Lookout-Pegasus)", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "PaloAlto-SpyDealer", + "url": 
"https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) enables remote control of the victim through SMS channels.(Citation: PaloAlto-SpyDealer)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60", + "type": "relationship", + "created": "2020-09-11T14:54:16.585Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "modified": "2021-04-19T17:11:50.418Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect attacker-specified files, including files located on external storage.(Citation: Lookout Desert Scorpion)\t", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688", + "created": "2020-05-07T15:33:32.910Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CheckPoint Agent Smith", + "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can hide its icon from the application launcher.(Citation: CheckPoint Agent Smith)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler-SpyNote", + "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. 
Retrieved January 26, 2017.", + "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" + } + ], + "modified": "2019-10-10T15:24:09.378Z", + "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can copy files from the device to the C2 server.(Citation: Zscaler-SpyNote)", + "relationship_type": "uses", + "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f", + "type": "relationship", + "created": "2020-12-24T22:04:28.002Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T22:04:28.002Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has sent messages to an attacker-controlled number.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CrowdStrike-Android", + "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. 
Retrieved February 6, 2017.", + "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[X-Agent for Android](https://attack.mitre.org/software/S0314) was believed to have been used to obtain locational data of Ukrainian artillery forces.(Citation: CrowdStrike-Android)", + "relationship_type": "uses", + "source_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f", + "created": "2022-04-01T18:52:13.171Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.", + "modified": "2022-04-01T18:52:13.171Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d32003ba-959b-4377-aa04-f75275c32abf", + "created": "2019-07-16T14:33:12.144Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Triada June 2019", + "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", + "description": "Lukasz 
Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Triada](https://attack.mitre.org/software/S0424) utilized HTTP to exfiltrate data through POST requests to the command and control server.(Citation: Google Triada June 2019) ", + "modified": "2022-04-20T17:43:35.227Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f0e39856-4d2d-45c5-bf16-f683ee993010", + "created": "2022-03-30T18:18:15.915Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T18:18:15.915Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3272111a-f31d-47d5-a266-1749255b5016", + "created": "2019-09-23T13:36:08.335Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "description": "T. Shishkova, L. Pikman. (2018, November 22). 
The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Rotexy](https://attack.mitre.org/software/S0411) can be controlled through SMS messages.(Citation: securelist rotexy 2018)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85", + "type": "relationship", + "created": "2020-11-20T16:37:28.547Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-11-20T16:37:28.547Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect various pieces of device information, such as serial number and product information.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da", + "type": "relationship", + "created": "2021-09-24T14:52:41.308Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2021-09-24T14:52:41.308Z", + "description": " [Monokle](https://attack.mitre.org/software/S0407) can hook itself to appear invisible to the Process Manager.(Citation: Lookout-Monokle) ", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3c43d125-6719-420e-bb69-878cc91c2474", + "created": "2020-09-15T15:18:12.428Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can register for the `BOOT_COMPLETED` broadcast Intent.(Citation: Cybereason FakeSpy)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77", + "created": "2022-04-06T15:52:41.579Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:52:41.579Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef", + "created": "2020-07-27T14:14:56.993Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Security Zen", + "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", + "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads.(Citation: Google Security Zen)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c", + "created": "2019-11-21T19:16:34.820Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CheckPoint SimBad 2019", + "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/", + "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SimBad](https://attack.mitre.org/software/S0419) generates fraudulent advertising revenue by displaying ads in the background and by opening the browser and displaying ads.(Citation: CheckPoint SimBad 2019)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--88e33687-e999-42c8-b46b-49d2adfa17d0", + "created": "2022-04-01T15:02:04.528Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Apple regularly provides security updates for known OS vulnerabilities. ", + "modified": "2022-04-01T15:02:04.528Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -33371,22 +27560,41 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f", "type": "relationship", - "created": "2020-07-15T20:20:59.305Z", + "id": "relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0", + "created": "2019-09-04T20:01:42.722Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Enterprise policies should block access to the Android Debug Bridge (ADB) by preventing users from enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development). An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. ", + "modified": "2022-04-01T13:32:19.919Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16", + "type": "relationship", + "created": "2021-02-17T20:43:52.420Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. 
Retrieved July 15, 2020." + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." } ], - "modified": "2020-07-15T20:20:59.305Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) abuses the accessibility service to prevent removing administrator permissions, accessibility permissions, and to set itself as the default SMS handler.(Citation: Bitdefender Mandrake)", + "modified": "2021-02-17T20:43:52.420Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has retrieved device images for exfiltration.(Citation: Lookout FrozenCell)", "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
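Review bot: The two relationship objects added in this hunk do not share one shape: `relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0` carries `"revoked": false`, `"x_mitre_deprecated": false` and `"x_mitre_attack_spec_version": "2.1.0"`, while `relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16` has none of the three. Tooling that drops revoked or deprecated relationships by reading those keys directly has to treat a missing key as false, so it would be safer for the export to write the defaults on every object, e.g. `"x_mitre_deprecated": false, "revoked": false,`. The same mix appears in the hunks at `@@ -33418,8 +27626,132 @@`, `@@ -33430,12 +27762,136 @@` and `@@ -33707,22 +27971,48 @@`; from the timestamps it looks as if only objects modified in 2022 were re-serialised with the new fields, which should be confirmed against the exporter. Separately, the added mitigation description ends in a stray space (`...accessibility features. "`), which is worth trimming at the source.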
@@ -33394,22 +27602,22 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358", + "id": "relationship--66ba3094-7c14-41b9-b7c1-814d026156b9", "type": "relationship", - "created": "2020-11-10T17:08:35.664Z", + "created": "2020-09-11T15:58:40.846Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." } ], - "modified": "2020-12-01T19:48:44.840Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has looked for specific applications, such as MiCode.(Citation: Lookout Uyghur Campaign)", + "modified": "2020-09-11T15:58:40.846Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can delete and send SMS messages.(Citation: Talos-WolfRAT)", "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -33418,8 +27626,132 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d", - "created": "2019-07-10T15:35:43.658Z", + "id": "relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446", + "created": "2020-12-14T14:52:03.294Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect SMS messages.(Citation: Sophos Red Alert 2.0)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fbdbddd7-4980-4061-9192-24a887bc6bad", + "type": "relationship", + "created": "2020-12-07T14:28:32.141Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-12-07T14:28:32.141Z", + "description": "[Exobot](https://attack.mitre.org/software/S0522) can open a SOCKS proxy connection through the compromised device.(Citation: Threat Fabric Exobot)", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-EnterpriseApps", + "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/", + "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[AndroRAT](https://attack.mitre.org/software/S0292) captures SMS messages.(Citation: Lookout-EnterpriseApps)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Kaspersky-WUC", + "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. 
Retrieved December 23, 2016.", + "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" + } + ], + "modified": "2019-10-15T19:54:10.284Z", + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole geo-location data.(Citation: Kaspersky-WUC)", + "relationship_type": "uses", + "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca", + "created": "2020-09-11T16:22:03.285Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s contact list.(Citation: Lookout ViperRAT)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357", + "created": "2019-07-10T15:25:57.572Z", "x_mitre_version": "1.0", "external_references": [ { 
@@ -33430,12 +27762,136 @@ ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Pallas](https://attack.mitre.org/software/S0399) gathers and exfiltrates data about nearby Wi-Fi access points.(Citation: Lookout Dark Caracal Jan 2018)", - "modified": "2022-04-19T14:25:41.669Z", + "description": "[FinFisher](https://attack.mitre.org/software/S0182) captures and exfiltrates SMS messages.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", + "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6", + "type": "relationship", + "created": "2021-01-05T20:16:20.484Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
+ } + ], + "modified": "2021-01-05T20:16:20.484Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can track the device’s location.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d01b311d-8741-4b58-b127-88fecb2b0544", + "created": "2020-04-08T15:41:19.448Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Anubis](https://attack.mitre.org/software/S0422) has a keylogger that works in every application installed on the device.(Citation: Cofense Anubis)", + "modified": "2022-04-15T17:33:02.327Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962", + "created": "2019-09-23T13:36:08.456Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Rotexy](https://attack.mitre.org/software/S0411) can lock an HTML page in the foreground, requiring the user enter credit card information that matches information previously intercepted in SMS messages, such as the last 4 digits of a credit card number. 
If attempts to revoke administrator permissions are detected, [Rotexy](https://attack.mitre.org/software/S0411) periodically switches off the phone screen to inhibit permission removal.(Citation: securelist rotexy 2018)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14", + "type": "relationship", + "created": "2019-07-10T15:35:43.610Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-08-09T18:06:11.693Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves a list of all applications installed on the device.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d", + "created": "2020-09-11T14:54:16.587Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can retrieve SMS messages.(Citation: Lookout Desert Scorpion)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -33465,175 +27921,6 @@ "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--66132260-65d1-4bf5-8200-abdb2014be6f", - "created": "2020-09-15T15:18:12.465Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can detect if it is running in an emulator and adjust its behavior accordingly.(Citation: Cybereason FakeSpy)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--be39c012-7201-4757-8cd6-c855bc945a9e", - "type": "relationship", - "created": "2019-07-10T15:25:57.623Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" - } - ], - "modified": "2019-08-12T17:30:07.568Z", - "description": "[FinFisher](https://attack.mitre.org/software/S0182) comes packaged with ExynosAbuse, an Android exploit that can gain root privileges.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b018fe06-740b-4864-b30a-f047598506b3", - "type": "relationship", - "created": "2020-04-24T15:06:33.510Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T15:06:33.510Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect various pieces of device information, including OS version, phone model, and manufacturer.(Citation: TrendMicro Coronavirus Updates) ", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429", - "created": "2022-04-01T18:51:28.859Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates frequently contain patches to vulnerabilities that can be exploited for root access.", - "modified": "2022-04-01T18:51:28.859Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to modify the device's system partition.(Citation: Lookout-PegasusAndroid)", - "modified": "2022-04-15T16:03:04.364Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56", - "created": "2019-09-03T20:08:00.737Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos Gustuff Apr 2019", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Gustuff](https://attack.mitre.org/software/S0406) abuses accessibility features to intercept all interactions between a user and the device.(Citation: Talos Gustuff Apr 2019)", - "modified": "2022-04-15T17:39:08.123Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9", - "created": "2020-09-15T15:18:12.419Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s contact list.(Citation: Cybereason FakeSpy)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -33661,44 +27948,21 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--b53d1c92-b71f-434e-aa4f-08b8db765248", + "id": "relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c", "type": "relationship", - "created": "2019-07-10T15:25:57.604Z", + "created": "2020-06-26T14:55:13.380Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout Dark Caracal Jan 2018", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." } ], - "modified": "2019-08-12T17:30:07.572Z", - "description": "[FinFisher](https://attack.mitre.org/software/S0182) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2020-06-26T14:55:13.380Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) dynamically loads its malicious functionality at runtime from an RC4-encrypted TTF file. 
[EventBot](https://attack.mitre.org/software/S0478) also utilizes ProGuard to obfuscate the generated APK file.(Citation: Cybereason EventBot)", "relationship_type": "uses", - "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7696b512-ba2f-4310-86e1-7c528529fc5e", - "type": "relationship", - "created": "2020-09-15T15:18:12.425Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." - } - ], - "modified": "2020-09-15T15:18:12.425Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) stores its malicious code in encrypted asset files that are decrypted at runtime. Newer versions of [FakeSpy](https://attack.mitre.org/software/S0509) encrypt the C2 address.(Citation: Cybereason FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -33707,22 +27971,48 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c", "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", + "id": "relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13", + "created": "2020-10-29T17:48:27.425Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Exobot](https://attack.mitre.org/software/S0522) has registered to receive the `BOOT_COMPLETED` broadcast intent.(Citation: Threat Fabric Exobot)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d4154247-90ce-43b9-8c17-5c28f67617f5", + "type": "relationship", + "created": "2020-12-24T21:55:56.747Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "PaloAlto-XcodeGhost", - "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. 
Retrieved December 21, 2016.", - "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/" + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." } ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can read and write data in the user’s clipboard.(Citation: PaloAlto-XcodeGhost)", + "modified": "2020-12-24T21:55:56.747Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed browser history, as well as the files for 15 other apps.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", - "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9", - "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -33730,21 +28020,662 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7", + "id": "relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150", "type": "relationship", - "created": "2020-11-24T17:55:12.822Z", + "created": "2020-05-11T16:37:36.673Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "source_name": "ThreatFabric Ginp" } ], - "modified": "2020-11-24T17:55:12.822Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request the device’s location.(Citation: Talos GPlayed)", + "modified": "2020-05-11T16:37:36.673Z", + "description": " [Ginp](https://attack.mitre.org/software/S0423) can download device logs.(Citation: ThreatFabric Ginp) ", "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "ArsTechnica-HummingBad", + 
"description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017.", + "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[HummingBad](https://attack.mitre.org/software/S0322) can exploit unfixed vulnerabilities in older Android versions to root victim phones.(Citation: ArsTechnica-HummingBad)", + "relationship_type": "uses", + "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f", + "created": "2019-09-03T19:45:48.518Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can capture SMS messages.(Citation: SWB Exodus March 2019)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2", + "created": "2022-04-01T13:27:29.919Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T13:27:29.920Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6", + "created": "2022-03-30T15:18:21.256Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T15:18:21.256Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0", + "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" + } + ], + "modified": "2019-10-10T15:27:22.110Z", + "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to record calls as well as the victim device's environment.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5706742b-733d-44e9-a032-62b81ba05bcf", + "created": "2020-06-02T14:32:31.897Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Project Zero Insomnia", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", + "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve SMS messages and iMessages.(Citation: Google Project Zero Insomnia)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c41d817e-913e-4574-b8d4-370de9f0034b", + "created": "2019-11-18T14:47:25.327Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Triada June 2019", + "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", + "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." + }, + { + "source_name": "Kaspersky Triada March 2016", + "url": "https://www.kaspersky.com/blog/triada-trojan/11481/", + "description": "Snow, J. (2016, March 3). Triada: organized crime on Android. Retrieved July 16, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Triada](https://attack.mitre.org/software/S0424) injects code into the Zygote process to effectively include itself in all forked processes. 
Additionally, code is injected into the Android Play Store App, web browser applications, and the system UI application.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada March 2016)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", + "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2", + "created": "2020-09-15T15:18:12.460Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s network information.(Citation: Cybereason FakeSpy)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc", + "type": "relationship", + "created": "2019-09-23T13:36:08.441Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. 
Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "source_name": "securelist rotexy 2018" + } + ], + "modified": "2019-09-23T13:36:08.441Z", + "description": "[Rotexy](https://attack.mitre.org/software/S0411) retrieves a list of installed applications and sends it to the command and control server.(Citation: securelist rotexy 2018)", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb", + "created": "2019-09-04T15:38:56.881Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CyberMerchants-FlexiSpy", + "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", + "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect device contacts.(Citation: CyberMerchants-FlexiSpy)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky-WUC", + "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/", + "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used HTTP uploads to a URL as a command and control mechanism.(Citation: Kaspersky-WUC)", + "modified": "2022-04-19T20:08:40.140Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71", + "created": "2019-07-10T15:42:09.606Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Dark Caracal](https://attack.mitre.org/groups/G0070) controls implants using standard HTTP communication.(Citation: Lookout Dark Caracal Jan 2018) ", + "modified": "2022-04-19T20:11:29.974Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f84355c2-b829-4324-821a-b5148734bb6b", + "created": "2022-04-01T15:21:35.655Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to microphone or audio output. ", + "modified": "2022-04-01T15:21:35.655Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d", + "type": "relationship", + "created": "2019-08-09T18:06:11.672Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. 
(2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-08-09T18:06:11.672Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) can take pictures with both the front and rear-facing cameras.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--80778a1e-715d-477b-87fa-e92181b31659", + "created": "2020-12-24T21:45:56.967Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SilkBean](https://attack.mitre.org/software/S0549) can delete various piece of device data, such as contacts, call logs, applications, SMS messages, email, plugins, and files in external storage.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d71fab20-a56c-4404-a65d-aaa37056f16e", + "created": "2022-04-01T15:16:16.027Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Trend Micro iOS URL Hijacking", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/", + "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12). iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.", + "modified": "2022-04-01T15:16:16.027Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1d828f51-1c04-466c-beaf-2d4de741a544", + "created": "2020-05-04T14:04:56.184Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Bread", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", + "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Bread](https://attack.mitre.org/software/S0432) can access SMS messages in order to complete carrier billing fraud.(Citation: Google Bread)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6c0105f3-e919-499d-b080-d127394d2837", + "created": "2022-03-30T18:14:23.210Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Typically, insecure or malicious configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). 
", + "modified": "2022-03-30T18:14:23.210Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4", + "type": "relationship", + "created": "2021-02-17T20:43:52.413Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." + } + ], + "modified": "2021-02-17T20:43:52.413Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has compressed and encrypted data before exfiltration using password protected .7z archives.(Citation: Lookout FrozenCell)", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51", + "created": "2022-04-01T12:37:17.515Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "OS feature updates often enhance security and privacy around permissions. 
", + "modified": "2022-04-01T12:37:17.515Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089", + "created": "2022-03-28T19:41:27.610Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Application developers should be cautious when selecting third-party libraries to integrate into their application.", + "modified": "2022-03-28T19:41:27.610Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "NYTimes-BackDoor", + "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html", + "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted call logs.(Citation: NYTimes-BackDoor)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd", + "type": "relationship", + "created": "2020-04-08T18:55:29.205Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." + }, + { + "source_name": "Trend Micro Anubis", + "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html", + "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021." 
+ } + ], + "modified": "2021-01-20T16:01:19.565Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can exfiltrate files encrypted with the ransomware module from the device and can modify external storage.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis) ", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--875dc21d-92c3-45bf-be37-faa44f4449bf", + "created": "2020-06-02T14:32:31.891Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Project Zero Insomnia", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", + "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s contact list.(Citation: Google Project Zero Insomnia)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad", + "created": "2020-04-24T15:06:33.397Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect the device’s call log.(Citation: TrendMicro Coronavirus Updates)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030", + "created": "2022-03-30T20:42:04.251Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be advised to be extra scrutinous of applications that request location, and to deny any permissions requests for applications they do not recognize.", + "modified": "2022-03-30T20:42:04.251Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24", + "type": "relationship", + "created": "2020-01-27T17:05:58.267Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:05:58.267Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can track the device’s location.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
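Review bot: The added `mitigates` object `relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51` carries `x_mitre_modified_by_ref` but no `created_by_ref`, unlike every other relationship object in this hunk. STIX lets the property be absent, but a consumer that keys provenance on `created_by_ref` (for example when merging this bundle with third-party content) would presumably treat this mitigation as unattributed; I would add `"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"` to match its siblings. Several added `description` values also carry stray leading or trailing spaces (the Ginp, Dark Caracal and Anubis entries and a few of the `mitigates` texts), which are worth trimming at export time. The enclosing `objects` array starts and ends outside this hunk.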
@@ -33754,23 +28685,349 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--59d463d3-3a41-4269-be9a-7a69f44eca78", - "created": "2020-10-29T19:21:23.215Z", - "x_mitre_version": "1.0", + "id": "relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9", + "created": "2022-03-30T14:26:02.359Z", + "x_mitre_version": "0.1", "external_references": [ { - "source_name": "WeLiveSecurity AdDisplayAshas", - "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", - "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." + "source_name": "Android Changes to System Broadcasts", + "url": "https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts", + "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has communicated with the C2 server using HTTP.(Citation: WeLiveSecurity AdDisplayAshas)", - "modified": "2022-04-19T20:11:03.972Z", + "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts) ", + "modified": "2022-03-30T14:26:02.359Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--789699c2-44f1-4280-bf86-ab23e6a13e84", 
+ "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads calendar events and reminders.(Citation: Lookout-StealthMango)", + "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d7ca70d4-2006-4252-b243-e52be760e24d", + "created": "2022-04-01T13:26:39.773Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Access to SMS messages is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their SMS messages. 
", + "modified": "2022-04-01T13:26:39.773Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb", + "created": "2019-08-09T16:19:02.782Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Android Capture Sensor 2019", + "url": "https://developer.android.com/about/versions/pie/android-9.0-changes-all#bg-sensor-access", + "description": "Android Developers. (, January). Android 9+ Privacy Changes . Retrieved August 27, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 9 and above restricts access to microphone, camera, and other sensors from background applications.(Citation: Android Capture Sensor 2019) ", + "modified": "2022-04-01T15:21:13.296Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--97417113-1840-4e00-98d3-bb222e1a1f60", + "type": "relationship", + "created": "2020-07-27T14:14:56.980Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Security Zen", + "url": 
"https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", + "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." + } + ], + "modified": "2020-08-10T22:18:20.815Z", + "description": "[Zen](https://attack.mitre.org/software/S0494) base64 encodes one of the strings it searches for.(Citation: Google Security Zen)", + "relationship_type": "uses", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb", + "type": "relationship", + "created": "2020-06-26T14:55:13.261Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T14:55:13.261Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect system information such as OS version, device vendor, and the type of screen lock that is active on the device.(Citation: Cybereason EventBot)", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2a472430-c30e-4877-8933-2e75f1de9a01", + "created": "2022-03-30T14:00:45.120Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T14:00:45.120Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a", + "created": "2021-01-07T17:02:31.805Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": " [Tiktok Pro](https://attack.mitre.org/software/S0558) can access the device's contact list.(Citation: Zscaler TikTok Spyware) ", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2019-10-15T19:44:36.177Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collects and uploads information about changes in SIM card or phone numbers on the device.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551", + "type": "relationship", + "created": "2021-02-08T16:36:20.698Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "modified": "2021-05-24T13:16:56.412Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included location tracking capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d", + "type": "relationship", + "created": "2021-01-05T20:16:20.417Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
+ } + ], + "modified": "2021-01-05T20:16:20.417Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture photos and videos from the device’s camera.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49", + "type": "relationship", + "created": "2020-12-24T22:04:28.004Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T22:04:28.004Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has checked for system root.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) has the ability to record audio.(Citation: Lookout-Pegasus)", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b5f3b110-fc66-4369-89f3-621c945d655f", + "type": "relationship", + "created": "2020-04-27T16:52:49.444Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Triada June 2019", + "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", + "description": "Lukasz Siewierski. 
(2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." + } + ], + "modified": "2020-04-27T16:52:49.444Z", + "description": "[Triada](https://attack.mitre.org/software/S0424) encrypts data prior to exfiltration.(Citation: Google Triada June 2019) ", + "relationship_type": "uses", + "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--418168ad-fee9-42c8-ac27-11f7472a5f86", + "created": "2019-09-03T19:45:48.498Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": " [Exodus](https://attack.mitre.org/software/S0405) One checks in with the command and control server using HTTP POST requests.(Citation: SWB Exodus March 2019) ", + "modified": "2022-04-19T20:09:24.725Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
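Review bot: The added external reference `Android Capture Sensor 2019` has a citation with an empty year, `Android Developers. (, January). Android 9+ Privacy Changes . Retrieved August 27, 2019.`, so the publication date cannot be recovered from the record and should be filled in from the cited page. Several added `description` strings in this hunk also begin or end with a space (the Tiktok Pro contact-list entry, the Exodus One HTTP POST entry and the Android 8 implicit-intents entry), which can defeat exact-match comparison and de-duplication downstream; they should be trimmed at the producer. The added relationships mix objects that carry `revoked` and `x_mitre_deprecated` with objects that omit both, so a consumer filtering on those keys should treat an absent key as false rather than index it directly. The last object touched by this hunk continues in the context lines that follow it.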
@@ -33779,25 +29036,425 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d", + "id": "relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc", + "type": "relationship", + "created": "2020-07-15T20:20:59.298Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + } + ], + "modified": "2020-07-15T20:20:59.298Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) obfuscates its hardcoded C2 URLs.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415", + "type": "relationship", + "created": "2020-11-10T17:08:35.819Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-11-10T17:08:35.819Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s location and track the device over time.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd", + "created": "2019-09-03T19:45:48.503Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can download the address book.(Citation: SWB Exodus March 2019) ", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6885280e-5423-422a-94f1-e91d557e043e", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "PaloAlto-XcodeGhost1", + "url": "http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/", + "description": "Claud Xiao. (2015, September 17). Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store. Retrieved December 21, 2016." + }, + { + "source_name": "PaloAlto-XcodeGhost", + "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/", + "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) was injected into apps by a modified version of Xcode (Apple's software development tool).(Citation: PaloAlto-XcodeGhost1)(Citation: PaloAlto-XcodeGhost)", + "modified": "2022-04-15T15:10:16.607Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9", + "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b", + "type": "relationship", + "created": "2020-12-24T22:04:27.914Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T22:04:27.914Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has looked for .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files on external storage.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357", + "type": "relationship", + "created": "2020-12-17T20:15:22.408Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "modified": "2020-12-17T20:15:22.408Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can track the device’s location.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f", + "created": "2022-03-30T19:28:55.980Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates typically provide patches for vulnerabilities that could be abused by malicious applications.", + "modified": "2022-03-30T19:28:55.980Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265", + "created": "2021-04-19T14:29:46.510Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": " [SilkBean](https://attack.mitre.org/software/S0549) has used HTTPS for C2 communication.(Citation: Lookout Uyghur Campaign) ", + "modified": "2022-04-19T20:07:13.475Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--91831379-b0da-4019-a7bb-17e53cda9d0b", + "type": "relationship", + "created": "2020-12-31T18:25:05.131Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
+ } + ], + "modified": "2020-12-31T18:25:05.131Z", + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has utilized native code to decrypt its malicious payload.(Citation: CYBERWARCON CHEMISTGAMES)", + "relationship_type": "uses", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f776a4da-0fa6-414c-a705-e9e8b419e056", + "type": "relationship", + "created": "2020-06-26T15:32:25.058Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." + }, + { + "source_name": "CheckPoint Cerberus", + "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/", + "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T15:32:25.058Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can inject input to grant itself additional permissions without user interaction and to prevent application removal.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c", "type": "relationship", "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout-EnterpriseApps", - "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.", - "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" + "source_name": "HackerNews-OldBoot", + "description": "Sudhir K Bansal. (2014, January 28). First widely distributed Android bootkit Malware infects more than 350,000 Devices. 
Retrieved December 21, 2016.", + "url": "http://thehackernews.com/2014/01/first-widely-distributed-android.html" } ], "modified": "2018-10-17T00:14:20.652Z", - "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to collect and leak the victim's phone number, mobile device unique identifier (IMEI).(Citation: Lookout-EnterpriseApps)", + "description": "[OldBoot](https://attack.mitre.org/software/S0285) uses escalated privileges to modify the init script on the device's boot partition to maintain persistence.(Citation: HackerNews-OldBoot)", "relationship_type": "uses", - "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137", + "source_ref": "malware--2074b2ad-612e-4758-adce-7901c1b49bbc", + "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224", + "type": "relationship", + "created": "2019-09-03T20:08:00.670Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . 
Retrieved September 3, 2019.", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "source_name": "Talos Gustuff Apr 2019" + } + ], + "modified": "2019-10-10T15:19:47.960Z", + "description": " [Gustuff](https://attack.mitre.org/software/S0406) can capture files and photos from the compromised device.(Citation: Talos Gustuff Apr 2019) ", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b356d405-f6b1-485b-bd35-236b9da766d2", + "type": "relationship", + "created": "2020-04-24T17:46:31.586Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-27T15:27:26.539Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can use the `MediaRecorder` class to record the screen when the targeted application is presented to the user, and can abuse accessibility features to record targeted applications to intercept transaction authorization numbers (TANs) and to scrape on-screen text.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9", + "type": "relationship", + "created": "2020-04-24T17:46:31.582Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T17:46:31.582Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device network configuration information such as IMSI, IMEI, and Wi-Fi connection state.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519", + "created": "2022-04-05T17:03:53.457Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T17:03:53.457Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f", + "created": "2019-07-16T14:33:12.107Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky Triada June 2016", + "url": "https://securelist.com/everyone-sees-not-what-they-want-to-see/74997/", + "description": "Kivva, A. (2016, June 6). Everyone sees not what they want to see. Retrieved July 16, 2019." + }, + { + "source_name": "Google Triada June 2019", + "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", + "description": "Lukasz Siewierski. (2019, June 6). 
PHA Family Highlights: Triada. Retrieved July 16, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Triada](https://attack.mitre.org/software/S0424) can redirect ad banner URLs on websites visited by the user to specific ad URLs.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada June 2016) ", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d13724d0-a5e2-433b-86bf-ead04359edec", + "created": "2022-04-01T15:13:10.022Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "iOS Universal Links", + "url": "https://developer.apple.com/ios/universal-links/", + "description": "Apple. (n.d.). Universal Links for Developers. Retrieved September 11, 2020." + }, + { + "source_name": "Android App Links", + "url": "https://developer.android.com/training/app-links/verify-site-associations", + "description": "Google. (n.d.). Verify Android App Links. Retrieved September 11, 2020." + }, + { + "source_name": "IETF-PKCE", + "url": "https://tools.ietf.org/html/rfc7636", + "description": "N. Sakimura, J. Bradley, and N. Agarwal. (2015, September). IETF RFC 7636: Proof Key for Code Exchange by OAuth Public Clients. Retrieved December 21, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Developers should use Android App Links(Citation: Android App Links) and iOS Universal Links(Citation: iOS Universal Links) to provide a secure binding between URIs and applications, preventing malicious applications from intercepting redirections. Additionally, for OAuth use cases, PKCE(Citation: IETF-PKCE) should be used to prevent use of stolen authorization codes. ", + "modified": "2022-04-01T15:13:10.022Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", + "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -33821,22 +29478,22 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63", + "id": "relationship--f989562f-41a8-46d3-94ba-fca7269ae592", "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", + "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.", - "source_name": "TrendMicro-RCSAndroid" + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" } ], - "modified": "2019-08-09T17:53:48.793Z", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can monitor clipboard content.(Citation: TrendMicro-RCSAndroid)", + "modified": "2019-08-09T17:59:49.072Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) is delivered via a a watering hole website that mimics the third-party Android app store APKMonk. In at least one case, the watering hole URL was distributed through Facebook Messenger.(Citation: Lookout-StealthMango)", "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
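Review bot: The added `description` for relationship--f989562f-41a8-46d3-94ba-fca7269ae592 contains a doubled article, `is delivered via a a watering hole website`; it should read `is delivered via a watering hole website`. The `id`, `created`, `source_ref` and `target_ref` all change together in this hunk, so this looks like a different relationship landing at this position rather than an edit to the old one. If so, the typo probably comes from the source record and is best corrected there.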
@@ -33844,21 +29501,455 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--e5e4567e-05a3-4d79-beab-191efc336473", "type": "relationship", - "created": "2020-01-27T17:05:58.333Z", + "id": "relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd", + "created": "2020-06-26T14:55:13.333Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[EventBot](https://attack.mitre.org/software/S0478) registers for the `BOOT_COMPLETED` intent to auto-start after the device boots.(Citation: Cybereason EventBot)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0330db55-06e0-45a2-85a6-17617a37fdaf", + "created": "2022-04-06T13:57:49.186Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T13:57:49.186Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + 
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Wandera-RedDrop", + "url": "https://www.wandera.com/reddrop-malware/", + "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses HTTP requests for C2 communication.(Citation: Wandera-RedDrop)", + "modified": "2022-04-20T17:41:46.451Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5619e263-d48c-47a5-ab68-8677fe080a15", + "created": "2022-03-30T14:42:27.821Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T14:42:27.821Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7017085c-c612-48b2-b655-e18d7822d0e7", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "PaloAlto-SpyDealer", + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests phone call history from victims.(Citation: PaloAlto-SpyDealer)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671", + "created": "2021-02-08T16:36:20.709Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted C2 communications using AES in CBC mode during Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", + "modified": "2022-04-18T16:07:26.671Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03", + "type": "relationship", + "created": "2020-12-17T20:15:22.449Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
} ], - "modified": "2020-03-26T20:50:07.266Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encrypts data using a simple XOR operation with a pre-configured key prior to exfiltration.(Citation: Trend Micro Bouncing Golf 2019)", + "modified": "2020-12-17T20:15:22.449Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s microphone.(Citation: Palo Alto HenBox)", "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9", + "type": "relationship", + "created": "2020-07-20T13:27:33.548Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-08-10T22:00:43.490Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) uses `dumpsys` to determine if certain applications are running.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0", + "created": "2022-04-11T20:05:56.540Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-11T20:05:56.540Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", + "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1987b242-c868-40b2-993d-9dbeea311d4b", + "created": "2022-03-30T14:08:09.882Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T14:08:09.882Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + 
"object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--81db3270-4cb8-4982-8ff8-c28a874e8421", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-DressCode", + "description": "Echo Duan. (2016, September 29). DressCode and its Potential Impact for Enterprises. Retrieved December 22, 2016.", + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[DressCode](https://attack.mitre.org/software/S0300) sets up a \"general purpose tunnel\" that can be used by an adversary to compromise enterprise networks that the mobile device is connected to.(Citation: TrendMicro-DressCode)", + "relationship_type": "uses", + "source_ref": "malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca", + "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4efa4953-7854-4144-8837-d7831ccbe35d", + "type": "relationship", + "created": "2020-04-24T17:46:31.691Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T17:46:31.691Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect a list of installed applications.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c", + "type": "relationship", + "created": "2021-02-17T20:43:52.410Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
+ } + ], + "modified": "2021-02-17T20:43:52.410Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has searched for pdf, doc, docx, ppt, pptx, xls, and xlsx file types for exfiltration.(Citation: Lookout FrozenCell)", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91", + "created": "2020-10-29T19:21:23.187Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "WeLiveSecurity AdDisplayAshas", + "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", + "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can hide its icon and create a shortcut based on the C2 server response.(Citation: WeLiveSecurity AdDisplayAshas)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74", + "type": "relationship", + "created": "2021-01-05T20:16:20.511Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
+ } + ], + "modified": "2021-01-05T20:16:20.511Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has contained an alarm that triggers every three minutes and timers for communicating with the C2.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa", + "created": "2022-04-01T16:52:36.974Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T16:52:36.974Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76", + "created": "2019-10-18T14:50:57.472Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates frequently contain patches for known exploits.", + "modified": "2022-03-25T14:12:54.498Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", + "x_mitre_attack_spec_version": 
"2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103", + "created": "2019-09-23T13:36:08.341Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Rotexy](https://attack.mitre.org/software/S0411) can communicate with the command and control server using JSON payloads sent in HTTP POST request bodies. It can also communicate by using JSON messages sent through Google Cloud Messaging.(Citation: securelist rotexy 2018)", + "modified": "2022-04-19T20:12:09.565Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2cdd5474-620c-499e-8b9c-835505febc2c", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky-MobileMalware", + "url": "https://securelist.com/mobile-malware-evolution-2013/58335/", + "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Trojan-SMS.AndroidOS.OpFake.a](https://attack.mitre.org/software/S0308) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)", + "modified": "2022-04-19T20:07:56.150Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--d89c132d-7752-4c7f-9372-954a71522985", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd", + "type": "relationship", + "created": "2020-04-08T18:55:29.196Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020.", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "source_name": "Cofense Anubis" + } + ], + "modified": "2020-04-09T16:45:38.751Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) exfiltrates data encrypted (with RC4) by its ransomware module.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
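Review bot: The relationship objects added in this hunk do not share one shape. relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd and the other objects stamped `"x_mitre_attack_spec_version": "2.1.0"` carry explicit `"x_mitre_deprecated": false` and `"revoked": false`, while relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03, relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9 and others omit all three keys. A consumer that filters on `revoked` or `x_mitre_deprecated` has to treat a missing key as false, and that default is not stated anywhere in the visible data; either emit both flags on every relationship or document the default next to the bundle. This matters most for the added `revoked-by` entries (relationship--0330db55-06e0-45a2-85a6-17617a37fdaf and relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa), because detection or coverage mappings keyed on the `source_ref` technique should be re-pointed to the `target_ref`. The added TrendMicro-DressCode reference also uses a plain `http://` URL.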
@@ -33868,25 +29959,152 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760", - "created": "2022-03-30T14:41:20.735Z", + "id": "relationship--4943cca6-69b1-4565-ac09-87ebda04584c", + "created": "2022-04-01T18:52:02.211Z", "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be taught the dangers of rooting or jailbreaking their device.", + "modified": "2022-04-01T18:52:02.211Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa", + "type": "relationship", + "created": "2020-11-24T17:55:12.903Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Android Changes to System Broadcasts", - "url": "https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts", - "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020." + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "modified": "2020-11-24T17:55:12.903Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) has base64-encoded the exfiltrated data, replacing some of the base64 characters to further obfuscate the data.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a", + "type": "relationship", + "created": "2020-07-15T20:20:59.186Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "modified": "2020-07-15T20:20:59.186Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access device configuration information and status, including Android version, battery level, device model, country, and SIM operator.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072", + "type": "relationship", + "created": "2020-09-11T15:14:34.064Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SMS KitKat", + "url": "https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html", + "description": "S.Main, D. Braun. (2013, October 14). Getting Your SMS Apps Ready for KitKat. Retrieved September 11, 2020." + } + ], + "modified": "2020-10-22T17:04:15.708Z", + "description": "Users should be encouraged to be very careful with what applications they grant SMS access to. 
Further, users should not change their default SMS handler to applications they do not recognize.(Citation: SMS KitKat)", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac", + "created": "2020-06-26T15:32:25.060Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts)", - "modified": "2022-03-30T14:41:20.735Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can uninstall itself from a device on command.(Citation: Threat Fabric Cerberus)", + "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fbd2d4f7-96ff-4624-a567-d4882f0c10ca", + "type": "relationship", + "created": "2019-07-23T15:35:23.530Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2020-03-30T14:03:43.920Z", + "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to whitelist applications that are allowed to use Android's accessibility features.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a", + "type": "relationship", + "created": "2021-02-17T20:43:52.333Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." + } + ], + "modified": "2021-02-17T20:43:52.333Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has used an online cell tower geolocation service to track targets.(Citation: Lookout FrozenCell)", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -33894,16 +30112,211 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--17141729-226d-40d4-928d-ffbd2eed7d11", - "created": "2022-04-05T19:37:16.086Z", + "id": "relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather SMS messages.(Citation: Lookout-StealthMango)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--51757971-17ac-40c3-bae7-78365579db49", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "TrendMicro-Obad", + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/", + "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. Retrieved December 9, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[OBAD](https://attack.mitre.org/software/S0286) abuses device administrator access to make it more difficult for users to remove the application.(Citation: TrendMicro-Obad)", + "modified": "2022-04-15T15:45:04.647Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--506d657b-1634-442e-8179-7187f82feb3a", + "created": "2020-12-24T21:55:56.691Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the call logs.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--477edf7d-cc1f-49b7-9d96-f88399808775", + "created": "2022-04-05T20:15:43.660Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, "description": "", - "modified": "2022-04-05T19:37:16.086Z", + "modified": "2022-04-05T20:15:43.660Z", "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "source_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", + "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d562ed4d-ac4d-476b-872e-9e228c580889", + "type": "relationship", + "created": "2020-11-20T16:37:28.506Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": 
"https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." + } + ], + "modified": "2020-11-20T16:37:28.506Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can obtain a list of installed applications.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "PaloAlto-WireLurker", + "description": "Claud Xiao. (2014, November 5). WireLurker: A New Era in OS X and iOS Malware. 
Retrieved January 24, 2017.", + "url": "https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[WireLurker](https://attack.mitre.org/software/S0312) monitors for iOS devices connected via USB to an infected OSX computer and installs downloaded third-party applications or automatically generated malicious applications onto the device.(Citation: PaloAlto-WireLurker)", + "relationship_type": "uses", + "source_ref": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb", + "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--049b0c71-63e3-47ce-bb0b-149df0344b15", + "created": "2020-12-24T21:45:56.965Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access device contacts.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861", + "created": "2021-02-08T16:36:20.711Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included SMS message exfiltration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c1512591-7440-4a69-93b9-fe439a4c197e", + "created": "2022-03-28T19:40:40.860Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-28T19:40:40.860Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -33913,8 +30326,481 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--a20581b4-21fa-4ed9-b056-d139998868e8", - "created": "2019-09-04T14:28:15.970Z", + "id": "relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f", + "created": "2020-06-02T14:32:31.906Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Volexity Insomnia", + "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", + "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has communicated with the C2 using HTTPS requests over ports 43111, 43223, and 43773.(Citation: Volexity Insomnia)", + "modified": "2022-04-20T16:40:05.898Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) monitors the victim for status and disables other access to the phone by other jailbreaking software.(Citation: Lookout-Pegasus)", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--9951d8c0-d210-4776-808b-421b613f244f", + "created": "2019-09-23T13:36:08.463Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Rotexy](https://attack.mitre.org/software/S0411) hides its icon after first launch.(Citation: securelist rotexy 2018)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132", + "created": "2022-03-30T14:06:26.530Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile security products can typically detect jailbroken or rooted devices. ", + "modified": "2022-03-30T14:06:26.530Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--271a311f-71bc-4558-a314-0edfbec44b64", + "type": "relationship", + "created": "2019-11-21T16:42:48.495Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. 
Retrieved November 21, 2019." + } + ], + "modified": "2019-11-21T16:42:48.495Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) collects device information, including the device model and OS version.(Citation: SecureList - ViceLeaker 2019)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0", + "created": "2019-09-03T20:08:00.711Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Group IB Gustuff Mar 2019", + "url": "https://www.group-ib.com/blog/gustuff", + "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. Retrieved September 3, 2019." + }, + { + "source_name": "Talos Gustuff Apr 2019", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Gustuff](https://attack.mitre.org/software/S0406) uses WebView overlays to prompt the user for their device unlock code, as well as banking and cryptocurrency application credentials. 
[Gustuff](https://attack.mitre.org/software/S0406) can also send push notifications pretending to be from a bank, triggering a phishing overlay.(Citation: Talos Gustuff Apr 2019)(Citation: Group IB Gustuff Mar 2019)", + "modified": "2022-04-19T19:42:17.904Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f6098dca-3a9e-4991-8d51-1310b12161b6", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) uses SMS for command and control.(Citation: Lookout-PegasusAndroid)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d", + "created": "2020-12-18T20:14:47.297Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has generated non-human advertising impressions.(Citation: WhiteOps TERRACOTTA)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad", + "type": "relationship", + "created": "2020-11-20T16:37:28.429Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-11-20T16:37:28.429Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect images, videos, and attacker-specified files.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070", + "created": "2022-04-15T17:18:44.185Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Talos Gustuff Apr 2019", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Gustuff](https://attack.mitre.org/software/S0406) obfuscated command information using a custom base85-based encoding.(Citation: Talos Gustuff Apr 2019)", + "modified": "2022-04-15T17:18:44.185Z", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler-SuperMarioRun", + "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat", + "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures call data.(Citation: Zscaler-SuperMarioRun)", + "modified": "2022-05-20T17:13:16.510Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2019-08-09T17:59:49.112Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads information about installed packages.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + } + ], + "modified": "2019-08-09T17:52:31.838Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to exploit well-known Android OS vulnerabilities to escalate privileges.(Citation: Lookout-PegasusAndroid)", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f", + "type": "relationship", + "created": "2020-12-14T15:02:35.287Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Securelist Asacub", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
+ } + ], + "modified": "2020-12-14T15:02:35.290Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) has implemented functions in native code.(Citation: Securelist Asacub)", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95", + "type": "relationship", + "created": "2019-10-18T15:51:48.525Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2019-10-18T15:51:48.525Z", + "description": "Users should be advised not to use public charging stations or computers to charge their devices. Instead, users should be issued a charger acquired from a trustworthy source. 
Users should be advised not to click on device prompts to trust attached computers unless absolutely necessary.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594", + "created": "2022-04-05T17:14:08.267Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T17:14:08.267Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--19b95b83-bac0-455f-882f-0209abddb76f", + "created": "2022-04-05T20:11:35.619Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Applications that properly encrypt network traffic may evade some forms of AiTM behavior. 
", + "modified": "2022-04-05T20:11:35.619Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--86170d29-0e41-44d0-94b0-de7d23718302", + "created": "2022-04-05T19:42:39.957Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android 12 Features", + "url": "https://developer.android.com/about/versions/12/features", + "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)", + "modified": "2022-04-05T19:51:47.956Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c", + "type": "relationship", + "created": "2020-11-10T17:08:35.624Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2020-11-10T17:08:35.624Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can dynamically load additional functionality.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999", + "created": "2020-11-24T17:55:12.818Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ }
+ ],
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "[GPlayed](https://attack.mitre.org/software/S0536) can register for the `BOOT_COMPLETED` broadcast intent.(Citation: Talos GPlayed)",
+ "modified": "2022-04-12T10:01:44.682Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "relationship_type": "uses",
+ "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+ "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "type": "relationship",
+ "id": "relationship--069b2328-442b-491e-962d-d3fe01f0549e",
+ "created": "2019-09-04T14:28:15.479Z",
 "x_mitre_version": "1.0",
 "external_references": [
 {
@@ -33925,12 +30811,12 @@
 ],
 "x_mitre_deprecated": false,
 "revoked": false,
- "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the device's contact list.(Citation: Lookout-Monokle)",
- "modified": "2022-04-12T10:01:44.682Z",
+ "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via email and SMS from a set of \"control phones.\"(Citation: Lookout-Monokle)",
+ "modified": "2022-04-19T14:25:41.669Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "relationship_type": "uses",
 "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
- "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+ "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
 "x_mitre_attack_spec_version": "2.1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
@@ -33938,21 +30824,867 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6", "type": "relationship", - "created": "2020-07-15T20:20:59.296Z", + "id": "relationship--e135cefa-f019-479d-86eb-438972df73e0", + "created": "2019-09-04T15:38:56.702Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "FortiGuard-FlexiSpy", + "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", + "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) installs boot hooks into `/system/su.d`.(Citation: FortiGuard-FlexiSpy)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3", + "type": "relationship", + "created": "2020-06-26T14:55:13.351Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). 
Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." } ], - "modified": "2020-07-15T20:20:59.296Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect the device’s location.(Citation: Bitdefender Mandrake)", + "modified": "2020-06-26T14:55:13.351Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect a list of installed applications.(Citation: Cybereason EventBot)", "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--61550ef4-41f0-4354-af5c-f47db8aca654", + "type": "relationship", + "created": "2020-06-02T14:32:31.910Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Project Zero Insomnia", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", + "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
+ }
+ ],
+ "modified": "2020-06-02T14:32:31.910Z",
+ "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s phone number, ICCID, IMEI, and the currently active network interface (Wi-Fi or cellular).(Citation: Google Project Zero Insomnia)",
+ "relationship_type": "uses",
+ "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901",
+ "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+ "x_mitre_version": "1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "type": "relationship",
+ "id": "relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998",
+ "created": "2020-04-08T15:41:19.385Z",
+ "x_mitre_version": "1.0",
+ "external_references": [
+ {
+ "source_name": "Cofense Anubis",
+ "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/",
+ "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020."
+ }
+ ],
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "[Anubis](https://attack.mitre.org/software/S0422) can create overlays to capture user credentials for targeted applications.(Citation: Cofense Anubis)",
+ "modified": "2022-04-12T10:01:44.682Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "relationship_type": "uses",
+ "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+ "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "relationship--c86918a3-6e41-4dfb-8b18-650fff596801",
+ "type": "relationship",
+ "created": "2020-09-11T16:22:03.207Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "source_name": "Lookout ViperRAT",
+ "url": "https://blog.lookout.com/viperrat-mobile-apt",
+ "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020."
+ } + ], + "modified": "2020-09-11T16:22:03.207Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect device photos, PDF documents, Office documents, browser history, and browser bookmarks.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-BrainTest", + "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. 
Retrieved December 21, 2016.", + "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[BrainTest](https://attack.mitre.org/software/S0293) stores a secondary Android app package (APK) in its assets directory in encrypted form, and decrypts the payload at runtime.(Citation: Lookout-BrainTest)", + "relationship_type": "uses", + "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724", + "created": "2022-04-01T15:02:21.344Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Device attestation can often detect jailbroken devices. 
", + "modified": "2022-04-01T15:02:21.344Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--95fec5e4-d48a-471f-8223-711cd32659b8", + "created": "2022-04-01T18:49:51.050Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T18:49:51.050Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1", + "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc", + "created": "2019-09-04T14:28:15.412Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Monokle", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": " [Monokle](https://attack.mitre.org/software/S0407) can retrieve calendar event information including the event name, when and where it is taking place, and the description.(Citation: Lookout-Monokle) ", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--825ffecc-090f-44c8-87be-f7b72e07f987", + "created": "2022-04-01T18:43:15.716Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.", + "modified": "2022-04-01T18:43:15.716Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5b670281-0054-42b4-8e54-ea01a692f5bf", + "type": "relationship", + "created": "2021-10-01T14:42:48.900Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": 
"https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." + } + ], + "modified": "2021-10-01T14:42:48.900Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can open a hidden menu when a specific phone number is called from the infected device.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--de7e3a71-1152-481c-8e5c-88f53852cab6", + "created": "2022-04-01T15:16:53.239Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T15:16:53.239Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", + "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--96569099-db95-4f3c-8ded-6d9cf023e55e", + "created": "2019-09-03T20:08:00.717Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos Gustuff Apr 2019", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
+ }
+ ],
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": " [Gustuff](https://attack.mitre.org/software/S0406) can use SMS for command and control from a defined admin phone number.(Citation: Talos Gustuff Apr 2019) ",
+ "modified": "2022-04-19T14:25:41.669Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "relationship_type": "uses",
+ "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617",
+ "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "relationship--2e913583-123a-47af-8872-98fc12ab4a6a",
+ "type": "relationship",
+ "created": "2020-11-24T17:55:12.846Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "source_name": "Talos GPlayed",
+ "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
+ "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
+ }
+ ],
+ "modified": "2020-11-24T17:55:12.846Z",
+ "description": "[GPlayed](https://attack.mitre.org/software/S0536) can send SMS messages.(Citation: Talos GPlayed)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
+ "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+ "x_mitre_version": "1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1",
+ "type": "relationship",
+ "created": "2020-06-26T14:55:13.289Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "source_name": "Cybereason EventBot",
+ "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born",
+ "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020."
+ } + ], + "modified": "2020-06-26T14:55:13.289Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to capture data from installed applications.(Citation: Cybereason EventBot)", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847", + "created": "2022-04-06T13:30:03.526Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be taught that Device Administrator permissions are very dangerous, and very few applications need it.", + "modified": "2022-04-06T13:30:03.527Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4", + "created": "2022-09-29T21:22:06.716Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Cylance Dust Storm", + "description": "Gross, J. (2016, February 23). Operation Dust Storm. 
Retrieved December 22, 2021.", + "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2022-09-30T18:45:10.156Z", + "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors to continually forward all SMS messages and call information back to their C2 servers.(Citation: Cylance Dust Storm)", + "relationship_type": "uses", + "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab", + "type": "relationship", + "created": "2020-09-11T16:22:03.229Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T16:22:03.229Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect and record audio content.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e", + "created": "2020-09-14T14:13:45.299Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout eSurv", + "url": "https://blog.lookout.com/esurv-research", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version has used public key encryption and certificate pinning for C2 communication.(Citation: Lookout eSurv)", + "modified": "2022-04-18T15:58:08.240Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cda58372-ae70-4716-8baf-cc06cb884ad6", + "type": "relationship", + "created": "2020-12-24T22:04:28.015Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": 
"Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2020-12-24T22:04:28.015Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of installed application names.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4896e256-fb04-403c-bbb7-2323b158a6e0", + "created": "2022-03-30T19:52:05.143Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T19:52:05.143Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Kaspersky-WUC", + "description": "Costin 
Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.", + "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" + } + ], + "modified": "2019-10-15T19:54:10.285Z", + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) gathered system information including phone number, OS version, phone model, and SDK version.(Citation: Kaspersky-WUC)", + "relationship_type": "uses", + "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f", + "created": "2022-04-01T12:50:48.459Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T12:50:48.459Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--62adb627-f647-498e-b4cc-41499361bacb", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--22334426-e99f-4e97-b4dd-17e297da4118", + "created": "2020-12-24T21:55:56.696Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). 
Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured SMS and MMS messages.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--919a13bc-74be-4660-af63-454abee92635", + "type": "relationship", + "created": "2019-03-11T15:13:40.408Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. 
Retrieved November 30, 2018.", + "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A", + "source_name": "TrendMicro-Anserver2" + } + ], + "modified": "2019-08-05T20:05:25.571Z", + "description": "\n[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device IMEI and IMSI.(Citation: TrendMicro-Anserver2)", + "relationship_type": "uses", + "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8", + "created": "2019-09-04T15:38:56.721Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "FortiGuard-FlexiSpy", + "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", + "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) uses root access to establish reboot hooks to re-install the application from `/data/misc/adn`.(Citation: FortiGuard-FlexiSpy) At boot, [FlexiSpy](https://attack.mitre.org/software/S0408) spawns daemons for process monitoring, call monitoring, call managing, and system.(Citation: FortiGuard-FlexiSpy)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Xiao-ZergHelper", + "description": "Claud Xiao. (2016, February 21). Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review. 
Retrieved December 12, 2016.", + "url": "http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[ZergHelper](https://attack.mitre.org/software/S0287) attempts to extend its capabilities via dynamic updating of its code.(Citation: Xiao-ZergHelper)", + "relationship_type": "uses", + "source_ref": "malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c", + "type": "relationship", + "created": "2019-07-10T15:35:43.631Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-08-09T18:06:11.741Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) queries the device for metadata, such as device ID, OS version, and the number of cameras.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd", + "type": "relationship", + "created": "2020-05-04T14:04:56.214Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Bread", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", + "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." 
+ } + ], + "modified": "2020-05-04T15:40:21.076Z", + "description": "[Bread](https://attack.mitre.org/software/S0432) has used native code in an attempt to disguise malicious functionality.(Citation: Google Bread)", + "relationship_type": "uses", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5", + "created": "2020-04-08T15:41:19.445Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Trend Micro Anubis", + "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html", + "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021." + }, + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the C2 address from Twitter and Telegram.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis)", + "modified": "2022-04-20T17:57:23.327Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4b68bcb1-a512-40f7-9aee-235b3668f022", + "type": "relationship", + "created": "2020-01-27T17:05:58.271Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:05:58.271Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain clipboard contents.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93", + "type": "relationship", + "created": "2020-09-11T15:50:18.937Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. 
Retrieved April 8, 2020.", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "source_name": "ThreatFabric Ginp" + } + ], + "modified": "2020-09-11T15:50:18.937Z", + "description": "[Ginp](https://attack.mitre.org/software/S0423) can send SMS messages.(Citation: ThreatFabric Ginp)", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0", + "created": "2022-04-01T16:52:03.322Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T16:52:03.322Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3c291ee5-1782-4e5b-8131-5188c7388f45", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "FireEye-RuMMS", + "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. 
Retrieved February 6, 2017.", + "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers the device phone number and IMEI and transmits them to a command and control server.(Citation: FireEye-RuMMS)", + "relationship_type": "uses", + "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--54151897-cc7e-4f92-af50-bed41ea78d92", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky-MobileMalware", + "url": "https://securelist.com/mobile-malware-evolution-2013/58335/", + "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. Retrieved December 22, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Trojan-SMS.AndroidOS.FakeInst.a](https://attack.mitre.org/software/S0306) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)", + "modified": "2022-04-19T20:10:19.381Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--28e39395-91e7-4f02-b694-5e079c964da9", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--42342d72-a37c-477e-b8f1-1768273fcb7f", + "created": "2019-10-18T15:51:48.451Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be advised not to grant consent for screen captures to occur unless expected. Users should avoid enabling USB debugging (Android Debug Bridge) unless explicitly required. ", + "modified": "2022-04-01T13:32:32.335Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c", + "created": "2022-04-01T16:51:20.688Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should scrutinize every device administration permission request. 
If the request is not expected or the user does not recognize the application, the application should be uninstalled immediately.", + "modified": "2022-04-01T16:51:20.688Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4", + "type": "relationship", + "created": "2020-06-02T14:32:31.885Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Project Zero Insomnia", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", + "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." + } + ], + "modified": "2020-06-02T14:32:31.885Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can track the device’s location.(Citation: Google Project Zero Insomnia)", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -33961,22 +31693,22 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--0bb6f851-4302-4936-a98e-d23feecb234d", + "id": "relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798", "type": "relationship", - "created": "2020-06-02T14:32:31.777Z", + "created": "2020-10-29T19:01:13.854Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Volexity Insomnia", - "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", - "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." + "source_name": "Microsoft MalLockerB", + "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/", + "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020." } ], - "modified": "2020-06-02T14:32:31.777Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) exploits a WebKit vulnerability to achieve root access on the device.(Citation: Volexity Insomnia)", + "modified": "2020-10-29T19:01:13.854Z", + "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has employed both name mangling and meaningless variable names in source. [AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has stored encrypted payload code in the Assets directory, coupled with a custom decryption routine that assembles a .dex file by passing data through Android Intent objects. 
(Citation: Microsoft MalLockerB)", "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -34015,22 +31747,22 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--a285f343-09c3-49af-9c18-1dccf89e9009", + "id": "relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b", "type": "relationship", - "created": "2020-11-20T16:37:28.391Z", + "created": "2020-12-18T20:14:47.314Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." } ], - "modified": "2020-11-20T16:37:28.391Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect a directory listing of external storage.(Citation: Symantec GoldenCup)", + "modified": "2020-12-18T20:14:47.314Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has utilized foreground services.(Citation: WhiteOps TERRACOTTA)", "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -34038,22 +31770,22 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--3c291ee5-1782-4e5b-8131-5188c7388f45", + "id": "relationship--950e1476-83ca-4e81-b542-c91a19b206d7", "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", + "created": "2020-04-24T17:46:31.466Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "FireEye-RuMMS", - "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.", - "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html" + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." } ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers the device phone number and IMEI and transmits them to a command and control server.(Citation: FireEye-RuMMS)", + "modified": "2020-04-24T17:46:31.466Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device information such as network operator, model, brand, and OS version.(Citation: SecurityIntelligence TrickMo)", "relationship_type": "uses", - "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -34062,70 +31794,18 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--96298aed-9e9f-4836-b29b-04c88e79e53e", - "created": "2022-04-01T18:42:37.987Z", + "id": "relationship--9432fabf-9487-469c-86c9-b9d26b013c85", + "created": "2022-04-01T13:13:10.587Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "Security updates often contain patches for vulnerabilities that could be exploited for root access. Root access is often a requirement to impairing defenses.", - "modified": "2022-04-01T18:42:37.987Z", + "description": "Call Log access an uncommonly needed permission, so users should be instructedto use extra scrutiny when granting access to their call logs. ", + "modified": "2022-04-01T13:13:10.587Z", "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--fb1fe91d-0997-4403-b2a6-88400f174791", - "created": "2020-05-07T15:06:51.458Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Bread", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Bread](https://attack.mitre.org/software/S0432) had many fake reviews and ratings on the Play Store.(Citation: Google Bread) ", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76", - "created": "2020-12-17T20:15:22.441Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[HenBox](https://attack.mitre.org/software/S0544) has collected all outgoing phone numbers that start with “86”.(Citation: Palo Alto HenBox)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
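Review bot: The added `description` on the new `mitigates` relationship `relationship--9432fabf-9487-469c-86c9-b9d26b013c85` is missing a verb and has a fused word ("instructedto"). This is the user-facing guidance for the call-log permission, so it should read cleanly. Suggested value: `"description": "Call Log access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their call logs."`, which also drops the trailing space. If this bundle is generated from an upstream source, the correction presumably belongs there so it is not overwritten on the next sync.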
@@ -34133,84 +31813,16 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--30ab9ce7-5369-402a-94ee-f8452642acb9", - "created": "2022-03-30T19:50:37.739Z", + "id": "relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429", + "created": "2022-04-01T18:51:28.859Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "", - "modified": "2022-03-30T19:50:37.739Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--8e27551a-5080-4148-a584-c64348212e4f", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--be27a303-5748-4b72-ba69-a328e2f6cc08", - "type": "relationship", - "created": "2020-12-31T18:25:05.177Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
- } - ], - "modified": "2020-12-31T18:25:05.177Z", - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can download new modules while running.(Citation: CYBERWARCON CHEMISTGAMES)", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f4aeacef-035c-4308-9e85-997703e27809", - "created": "2020-01-27T17:05:58.305Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Trend Micro Bouncing Golf 2019", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can delete arbitrary files on the device.(Citation: Trend Micro Bouncing Golf 2019)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--fb62afa9-d593-44f8-840d-bd5c595a1228", - "created": "2022-04-01T18:44:46.780Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.", - "modified": "2022-04-01T18:44:46.780Z", + "description": "Security updates frequently contain patches to vulnerabilities that can be exploited for root access.", + "modified": "2022-04-01T18:51:28.859Z", "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -34219,22 +31831,45 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7", + "id": "relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7", "type": "relationship", - "created": "2020-12-14T15:02:35.230Z", + "created": "2020-11-24T17:55:12.822Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Securelist Asacub", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." } ], - "modified": "2020-12-14T15:02:35.230Z", - "description": "[Asacub](https://attack.mitre.org/software/S0540) has encrypted C2 communications using Base64-encoded RC4.(Citation: Securelist Asacub)", + "modified": "2020-11-24T17:55:12.822Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request the device’s location.(Citation: Talos GPlayed)", "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0", + "type": "relationship", + "created": "2020-04-24T15:12:11.185Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + 
"external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." + } + ], + "modified": "2020-04-24T15:12:11.185Z", + "description": "[Concipit1248](https://attack.mitre.org/software/S0426) requests permissions to use the device camera.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -34243,51 +31878,18 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19", - "created": "2020-09-24T15:26:15.607Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TrendMicro-XLoader-FakeSpy", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", - "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." - } - ], + "id": "relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a", + "created": "2022-04-01T14:51:51.593Z", + "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) has exfiltrated data using HTTP requests.(Citation: TrendMicro-XLoader-FakeSpy)", - "modified": "2022-04-20T17:48:38.013Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to notifications. 
", + "modified": "2022-04-01T14:51:51.593Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--abf03652-acd0-4361-8a66-f7e70e8e4376", - "created": "2020-06-02T14:32:31.913Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Volexity Insomnia", - "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", - "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) communicates with the C2 server using HTTPS requests.(Citation: Volexity Insomnia)", - "modified": "2022-04-19T20:20:20.149Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -34313,6 +31915,867 @@ "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--be17dc63-5b0a-491a-be5f-132058444c3a", + "type": "relationship", + "created": "2019-08-09T17:52:13.352Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + } + ], + "modified": "2019-08-09T17:52:31.877Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to take pictures using the device camera.(Citation: Lookout-PegasusAndroid)", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1", + "created": "2020-10-29T17:48:27.175Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Exobot](https://attack.mitre.org/software/S0522) can lock the device with a password and permanently disable the screen.(Citation: Threat Fabric Exobot)", + "modified": "2022-04-18T19:25:32.400Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625", + "created": "2022-03-31T16:33:55.074Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-31T16:33:55.074Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2", + "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a", + "created": "2019-11-21T19:16:34.796Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CheckPoint SimBad 2019", + "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/", + "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SimBad](https://attack.mitre.org/software/S0419) hides its icon from the application launcher.(Citation: CheckPoint SimBad 2019)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6", + "created": "2020-09-14T13:35:45.911Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "ESET-Twitoor", + "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/", + "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Twitoor](https://attack.mitre.org/software/S0302) can be controlled via Twitter.(Citation: ESET-Twitoor)", + "modified": "2022-04-20T17:56:24.292Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c", + "target_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298", + "created": "2020-12-14T15:02:35.297Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Securelist Asacub", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect the device’s contact list.(Citation: Securelist Asacub)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4af26643-880f-4c34-a4a8-23e89b950c9d", + "created": "2019-09-04T15:38:56.883Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CyberMerchants-FlexiSpy", + "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", + "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect the device calendars.(Citation: CyberMerchants-FlexiSpy)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "TrendMicro-XLoader", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/", + "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects SMS messages.(Citation: TrendMicro-XLoader)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7", + "created": "2022-04-15T16:00:43.483Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "SecureList DVMap June 2017", + "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", + "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Dvmap](https://attack.mitre.org/software/S0420) can turn off `VerifyApps`, and can grant Device Administrator permissions via commands only, rather than using the UI.(Citation: SecureList DVMap June 2017)", + "modified": "2022-04-15T16:00:43.483Z", + "relationship_type": "uses", + "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348", + "created": "2022-04-20T17:42:11.714Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Wandera-RedDrop", + "url": "https://www.wandera.com/reddrop-malware/", + "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses standard HTTP for exfiltration.(Citation: Wandera-RedDrop)", + "modified": "2022-04-20T17:42:11.714Z", + "relationship_type": "uses", + "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", + "source_name": "TrendMicro-RCSAndroid" + } + ], + "modified": "2019-08-09T17:53:48.793Z", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can monitor clipboard content.(Citation: TrendMicro-RCSAndroid)", + "relationship_type": "uses", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--535d2425-21aa-4fe5-ae6d-5b677f459020", + "created": "2022-03-28T19:41:37.162Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates may contain patches for devices that were compromised at the supply chain level.", + "modified": "2022-03-28T19:41:37.162Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--eb784dcf-4188-47e2-9217-837b262acfb9", + "created": "2022-04-01T18:43:01.860Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.", + "modified": "2022-04-01T18:43:01.860Z", + "relationship_type": "mitigates", + "source_ref": 
"course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50", + "created": "2020-06-26T15:32:25.025Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain the device’s contact list.(Citation: Threat Fabric Cerberus)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45", + "created": "2019-09-15T15:32:17.580Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Android Notification Listeners", + "url": 
"https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setPermittedCrossProfileNotificationListeners(android.content.ComponentName,%20java.util.List%3Cjava.lang.String%3E)", + "description": "Android. (n.d.). DevicePolicyManager. Retrieved September 15, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "On Android devices with a work profile, the `DevicePolicyManager.setPermittedCrossProfileNotificationListeners` method can be used to manage the list of applications running within the personal profile that can access notifications generated within the work profile. This policy would not affect notifications generated by the rest of the device. The `DevicePolicyManager.setApplicationHidden` method can be used to disable notification access for unwanted applications, but this method would also block that entire application from running.(Citation: Android Notification Listeners) ", + "modified": "2022-04-01T14:50:28.686Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae", + "type": "relationship", + "created": "2020-11-10T17:08:35.746Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). 
Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2020-12-01T19:48:44.878Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has searched device storage for various files, including .amr files (audio recordings) and superuser binaries.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f65087b4-adf2-4292-a711-7ae829e91397", + "type": "relationship", + "created": "2019-09-04T14:28:16.385Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-09-04T14:32:12.877Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can list applications installed on the device.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056", + "type": "relationship", + "created": "2020-12-24T22:04:27.919Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T22:04:27.919Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has extracted messages from chat programs, such as WeChat.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1", + "created": "2022-04-06T13:52:46.831Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 7 changed how the Device Administrator password APIs function.", + "modified": "2022-04-06T13:52:46.831Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--48486680-530c-4ed9-aca3-94969aa262b6", + "created": "2019-07-10T15:35:43.665Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d", + "created": "2020-05-04T14:04:56.179Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Bread", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", + "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Bread](https://attack.mitre.org/software/S0432) payloads have used several commercially available packers.(Citation: Google Bread)", + "modified": "2022-04-15T17:20:54.552Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48", + "created": "2020-09-24T15:34:51.298Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Dendroid", + "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/", + "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Dendroid](https://attack.mitre.org/software/S0301) can intercept SMS messages.(Citation: Lookout-Dendroid)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e", + "type": "relationship", + "created": "2020-06-02T14:32:31.888Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Volexity Insomnia", + "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", + "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." 
+ } + ], + "modified": "2020-06-02T14:32:31.888Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) obfuscates various pieces of information within the application.(Citation: Volexity Insomnia) ", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a", + "created": "2020-12-28T18:47:52.357Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": " [HenBox](https://attack.mitre.org/software/S0544) can run commands as root.(Citation: Palo Alto HenBox) ", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2018-10-17T00:14:20.652Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a", + "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--08c81253-975c-4780-8e85-c72bc6a90c88", + "created": "2020-10-29T19:21:23.225Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "WeLiveSecurity AdDisplayAshas", + "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", + "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can generate revenue by automatically displaying ads.(Citation: WeLiveSecurity AdDisplayAshas)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87", + "type": "relationship", + "created": "2020-06-26T15:12:40.098Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "ESET DEFENSOR ID", + "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", + "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T15:12:40.098Z", + "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can retrieve a list of installed applications.(Citation: ESET DEFENSOR ID)", + "relationship_type": "uses", + "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c", + "type": "relationship", + "created": "2020-12-18T20:14:47.381Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
+ } + ], + "modified": "2020-12-28T18:59:33.140Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has collected the device’s phone number and can check if the active network connection is metered.(Citation: WhiteOps TERRACOTTA)", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fa1da6db-da32-45d2-98a8-6bbe153166da", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-EnterpriseApps", + "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.", + "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[AndroRAT](https://attack.mitre.org/software/S0292) tracks the device location.(Citation: Lookout-EnterpriseApps)", + "relationship_type": "uses", + "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a20493e1-4699-405d-a291-c28aae8ed737", + "created": "2022-04-18T16:53:24.617Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Wandera-RedDrop", + "url": "https://www.wandera.com/reddrop-malware/", + "description": "Nell Campbell. (2018, February 27). 
RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses ads or other links within websites to encourage users to download the malicious apps using a complex content distribution network (CDN) and series of network redirects. [RedDrop](https://attack.mitre.org/software/S0326) also downloads additional components (APKs, JAR files) from different C2 servers.(Citation: Wandera-RedDrop) ", + "modified": "2022-04-20T16:33:23.507Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", + "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d", + "created": "2019-07-10T15:25:57.585Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[FinFisher](https://attack.mitre.org/software/S0182) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CheckPoint-Charger", + "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.", + "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/" + } + ], + "modified": "2019-10-09T14:51:42.827Z", + "description": "[Charger](https://attack.mitre.org/software/S0323) encodes strings into binary arrays to make it difficult to inspect them. 
It also loads code from encrypted resources dynamically and includes meaningless commands that mask the actual commands passing through.(Citation: CheckPoint-Charger)", + "relationship_type": "uses", + "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f", + "created": "2020-06-26T15:12:40.100Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "ESET DEFENSOR ID", + "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", + "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) abuses the accessibility service to auto-start the malware on device boot. 
This is accomplished by receiving the `android.accessibilityservice.AccessibilityService` intent.(Citation: ESET DEFENSOR ID)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e03b25b0-0779-48da-b5d7-28f1f6106363", + "type": "relationship", + "created": "2020-12-24T22:04:27.992Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T22:04:27.992Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken screenshots.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760", + "created": "2022-03-30T14:41:20.735Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android Changes to System Broadcasts", + "url": "https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts", + "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts)", + "modified": "2022-03-30T14:41:20.735Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": 
"Lookout-Pegasus", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) update and sends the location of the phone.(Citation: Lookout-Pegasus)", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -34343,25 +32806,48 @@
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
+ "id": "relationship--5e360913-4986-4423-8d3c-46d3202b7787",
 "type": "relationship",
- "id": "relationship--1348c744-3127-4a55-a5b4-2f439f41e941",
- "created": "2020-07-27T14:14:56.994Z",
+ "created": "2019-09-04T14:28:15.471Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.",
+ "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf",
+ "source_name": "Lookout-Monokle"
+ }
+ ],
+ "modified": "2019-10-14T17:51:37.979Z",
+ "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the salt used when storing the user’s password, aiding an adversary in computing the user’s plaintext password/PIN from the stored password hash. [Monokle](https://attack.mitre.org/software/S0407) can also capture the user’s dictionary, user-defined shortcuts, and browser history, enabling profiling of the user and their activities.(Citation: Lookout-Monokle)",
+ "relationship_type": "uses",
+ "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65",
+ "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+ "x_mitre_version": "1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "type": "relationship",
+ "id": "relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0",
+ "created": "2020-10-29T17:48:27.394Z",
 "x_mitre_version": "1.0",
 "external_references": [
 {
- "source_name": "Google Security Zen",
- "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html",
- "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020."
+ "source_name": "Threat Fabric Exobot",
+ "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html",
+ "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020."
 }
 ],
 "x_mitre_deprecated": false,
 "revoked": false,
- "description": "[Zen](https://attack.mitre.org/software/S0494) can install itself on the system partition to achieve persistence. [Zen](https://attack.mitre.org/software/S0494) can also replace `framework.jar`, which allows it to intercept and modify the behavior of the standard Android API.(Citation: Google Security Zen)",
+ "description": "[Exobot](https://attack.mitre.org/software/S0522) can intercept SMS messages.(Citation: Threat Fabric Exobot)",
 "modified": "2022-04-12T10:01:44.682Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "relationship_type": "uses",
- "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40",
- "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+ "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
+ "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
 "x_mitre_attack_spec_version": "2.1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
@@ -34369,9 +32855,5356 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb", + "id": "relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe", "type": "relationship", - "created": "2020-12-18T20:14:47.412Z", + "created": "2020-07-15T20:20:59.282Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + } + ], + "modified": "2020-07-15T20:20:59.282Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can record the screen.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5ced57a7-b674-40d4-98b8-a090963a6ade", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" + } + ], + "modified": "2019-09-18T13:45:58.872Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) abuses Accessibility features to steal messages from popular apps such as WeChat, Skype, Viber, and QQ.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd", + "type": "relationship", + "created": "2020-06-26T15:12:40.094Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "ESET DEFENSOR ID", + "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", + "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T15:12:40.094Z", + "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to perform actions on behalf of the user, including launching attacker-specified applications to steal data.(Citation: ESET DEFENSOR ID)", + "relationship_type": "uses", + "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c", + "type": "relationship", + "created": "2021-02-17T20:43:52.324Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
+ } + ], + "modified": "2021-02-17T20:43:52.324Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has collected phone metadata such as cell location, mobile country code (MCC), and mobile network code (MNC).(Citation: Lookout FrozenCell)", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71", + "created": "2022-03-30T20:53:54.296Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T20:53:54.296Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", + "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106", + "type": "relationship", + "created": "2020-12-14T14:52:03.255Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
+ } + ], + "modified": "2020-12-14T14:52:03.255Z", + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has stored data embedded in the strings.xml resource file.(Citation: Sophos Red Alert 2.0)", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CheckPoint-Judy", + "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/", + "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. Retrieved September 18, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Judy](https://attack.mitre.org/software/S0325) uses infected devices to generate fraudulent clicks on advertisements to generate revenue.(Citation: CheckPoint-Judy)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1", + "type": "relationship", + "created": "2021-10-01T14:42:49.184Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "modified": "2021-10-01T14:42:49.184Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect the device’s location information based on cellular network or GPS coordinates.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--68c17e9b-1fda-49dd-982b-566d473cc32b", + "created": "2022-04-06T15:51:11.939Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:51:11.939Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1284f6fe-d352-415c-9479-82141524380a", + "created": "2022-03-30T18:06:48.250Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Typically, insecure or malicious configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). 
", + "modified": "2022-03-30T18:06:48.250Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c", + "created": "2022-04-01T18:51:44.595Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.", + "modified": "2022-04-01T18:51:44.595Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a451966b-f826-422b-9505-f564b9988a9c", + "created": "2020-12-24T21:55:56.693Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used both FTP and TCP sockets for data exfiltration.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-19T16:26:30.170Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--634071ce-d386-4143-8e6e-b88bc077de6d", + "type": "relationship", + "created": "2020-07-27T14:14:56.961Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Security Zen", + "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", + "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." 
+ } + ], + "modified": "2020-08-10T22:18:20.782Z", + "description": "[Zen](https://attack.mitre.org/software/S0494) can dynamically load executable code from remote sources.(Citation: Google Security Zen)", + "relationship_type": "uses", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fcb3a139-f644-45c9-8123-dfea0455143a", + "type": "relationship", + "created": "2019-08-09T17:56:05.588Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" + } + ], + "modified": "2019-08-09T17:56:05.588Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record video and take photos via front and rear cameras.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d", + "created": "2019-09-23T13:36:08.451Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Rotexy](https://attack.mitre.org/software/S0411) procedurally generates subdomains for command and control communication.(Citation: securelist rotexy 2018)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a", + "created": "2020-06-26T14:55:13.304Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[EventBot](https://attack.mitre.org/software/S0478) can display popups over running applications.(Citation: Cybereason EventBot)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed", + "created": "2019-07-10T15:35:43.668Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses the device contact list.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d300eb82-5ca0-48aa-a45f-d34242545e27", + "created": "2022-03-30T15:08:28.814Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Device attestation could detect unauthorized operating system modifications. ", + "modified": "2022-03-30T15:08:28.814Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e29d91f0-ebee-481d-9344-702c90775109", + "type": "relationship", + "created": "2020-05-07T15:33:32.928Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CheckPoint Agent Smith", + "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). 
Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." + } + ], + "modified": "2020-05-07T15:33:32.928Z", + "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can inject fraudulent ad modules into existing applications on a device.(Citation: CheckPoint Agent Smith)", + "relationship_type": "uses", + "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", + "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf", + "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. 
Retrieved February 6, 2017.", + "source_name": "CrowdStrike-Android" + } + ], + "modified": "2020-03-20T16:37:06.668Z", + "description": "(Citation: CrowdStrike-Android)", + "relationship_type": "uses", + "source_ref": "intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c", + "target_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--290a627d-172d-494d-a0cc-685f480a1034", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-EnterpriseApps", + "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/", + "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects call logs.(Citation: Lookout-EnterpriseApps)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--fb587f81-1300-438d-a33b-f8d08530788b", + "created": "2019-07-10T15:35:43.704Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", 
+ "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pallas](https://attack.mitre.org/software/S0399) exfiltrates data using HTTP.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2022-04-20T17:40:40.182Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8", + "type": "relationship", + "created": "2020-09-24T15:34:51.433Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Dendroid", + "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. 
Retrieved December 22, 2016.", + "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" + } + ], + "modified": "2020-09-24T15:34:51.433Z", + "description": "[Dendroid](https://attack.mitre.org/software/S0301) can record audio and outgoing calls.(Citation: Lookout-Dendroid)", + "relationship_type": "uses", + "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f", + "type": "relationship", + "created": "2020-11-10T17:08:35.644Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-11-10T17:08:35.644Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has gathered device metadata, including model, manufacturer, SD card size, disk usage, memory, CPU, and serial number.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3", + "type": "relationship", + "created": "2021-04-19T14:29:46.530Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2021-04-19T14:29:46.530Z", + "description": " [SilkBean](https://attack.mitre.org/software/S0549) can send SMS messages.(Citation: Lookout Uyghur Campaign) ", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--01965668-d033-4aca-a8e5-71a07070e266", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2018-10-17T00:14:20.652Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09", + "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f", + "created": "2022-03-28T19:25:38.355Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates may contain patches that inhibit system software compromises.", + "modified": "2022-03-28T19:25:38.355Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819", + "type": "relationship", + "created": "2019-08-07T15:57:13.412Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Kaspersky Riltok June 2019", + "url": "https://securelist.com/mobile-banker-riltok/91374/", + "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." + } + ], + "modified": "2019-09-15T15:36:42.312Z", + "description": "[Riltok](https://attack.mitre.org/software/S0403) can retrieve a list of installed applications. Installed application names are then checked against an adversary-defined list of targeted applications.(Citation: Kaspersky Riltok June 2019)", + "relationship_type": "uses", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4", + "type": "relationship", + "created": "2020-04-08T15:51:25.157Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "ThreatFabric Ginp", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
+ } + ], + "modified": "2020-04-08T15:51:25.157Z", + "description": "[Ginp](https://attack.mitre.org/software/S0423) can capture device screenshots and stream them back to the C2.(Citation: ThreatFabric Ginp)", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6c35f99c-153d-4023-a29a-821488ce5418", + "type": "relationship", + "created": "2020-04-08T15:41:19.383Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
+ } + ], + "modified": "2020-04-08T15:41:19.383Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of installed applications to compare to a list of targeted applications.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3bf4b093-a1a3-48da-9236-bce9514765eb", + "created": "2022-04-05T19:46:05.853Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Samsung Keyboards", + "url": "https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-", + "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards)", + "modified": "2022-04-05T19:46:05.853Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc", + "type": "relationship", + "created": "2020-12-24T21:55:56.688Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T21:55:56.688Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured audio and can record phone calls.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f", + "created": "2022-03-30T20:07:33.291Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T20:07:33.291Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f051c943-998c-4db2-9dbc-d4755057bcf0", + "created": "2022-04-05T19:49:06.417Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.", + "modified": "2022-04-05T19:49:06.417Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + 
"x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fcc42341-ec3a-4e24-a374-46bed72d061f", + "type": "relationship", + "created": "2021-10-01T14:42:49.191Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." + } + ], + "modified": "2021-10-01T14:42:49.191Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect data from messaging applications, including WhatsApp, Viber, and Facebook.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b", + "created": "2021-02-17T20:49:24.542Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) can run arbitrary shell commands.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b", + "type": "relationship", + "created": "2020-12-24T21:45:56.981Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T21:45:56.981Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) has access to the device’s location.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f0851531-e554-4658-920c-f2342632c19a", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Adware", + "description": "Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. Retrieved December 21, 2016.", + "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is packed with at least eight publicly available exploits that can perform rooting.(Citation: Lookout-Adware)", + "relationship_type": "uses", + "source_ref": "malware--c80a6bef-b3ce-44d0-b113-946e93124898", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358", + "type": "relationship", + "created": "2020-11-10T17:08:35.664Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": 
"https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2020-12-01T19:48:44.840Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has looked for specific applications, such as MiCode.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b", + "created": "2020-04-08T15:51:25.128Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "ThreatFabric Ginp", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Ginp](https://attack.mitre.org/software/S0423) can collect SMS messages.(Citation: ThreatFabric Ginp)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d886f368-a38b-4cb3-906f-9b284f58b369", + "type": "relationship", + "created": "2019-12-10T16:07:41.066Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList DVMap June 2017", + "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", + "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
+ } + ], + "modified": "2019-12-10T16:07:41.066Z", + "description": "[Dvmap](https://attack.mitre.org/software/S0420) decrypts executables from archive files stored in the `assets` directory of the installation binary.(Citation: SecureList DVMap June 2017)", + "relationship_type": "uses", + "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--de4ecfa3-fa91-4377-810c-5c567de9688b", + "created": "2021-01-05T20:16:20.490Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can delete attacker-specified files.(Citation: Zscaler TikTok Spyware)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--03172b09-4f97-4fb8-95f0-92b2d8957408", + "created": "2020-06-26T14:55:13.349Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[EventBot](https://attack.mitre.org/software/S0478) has encrypted base64-encoded payload data using RC4 and Curve25519.(Citation: Cybereason EventBot)", + "modified": "2022-04-18T15:57:14.375Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965", + "type": "relationship", + "created": "2020-04-08T15:51:25.106Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "ThreatFabric Ginp", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
+ } + ], + "modified": "2020-04-08T15:51:25.106Z", + "description": "[Ginp](https://attack.mitre.org/software/S0423) can obtain a list of installed applications.(Citation: ThreatFabric Ginp)", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--9c302eb1-1810-48a5-b34d-6aae303d2097", + "created": "2022-04-01T15:16:26.387Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be instructed to not open links in applications they don’t recognize.", + "modified": "2022-04-01T15:16:26.387Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a808c887-b2b8-4b05-9cab-47c918e48d48", + "type": "relationship", + "created": "2020-12-14T15:02:35.257Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Securelist Asacub", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
+ } + ], + "modified": "2020-12-14T15:02:35.257Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) can send SMS messages from compromised devices.(Citation: Securelist Asacub) ", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Enterprises can provision policies to mobile devices that require a minimum complexity (length, character requirements, etc.) for the device passcode, and cause the device to wipe all data if an incorrect passcode is entered too many times. Both policies would mitigate brute-force, guessing, or shoulder surfing of the device passcode. Enterprises can also provision policies to disable biometric authentication, however, biometric authentication can help make using a longer, more complex passcode more practical because it does not need to be entered as frequently. 
", + "modified": "2022-03-28T19:20:30.375Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14", + "created": "2020-06-26T15:32:25.043Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Cerberus](https://attack.mitre.org/software/S0480) disables Google Play Protect to prevent its discovery and deletion in the future.(Citation: Threat Fabric Cerberus)", + "modified": "2022-04-15T15:49:23.497Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2", + "type": "relationship", + "created": "2020-06-26T15:32:25.062Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric 
Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." + } + ], + "modified": "2020-06-26T15:32:25.062Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain a list of installed applications.(Citation: Threat Fabric Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd", + "created": "2022-04-01T15:02:43.475Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T15:02:43.475Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38", + "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7d481598-ece7-469c-b231-619a804c25e5", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) captures SMS messages that the victim sends or receives.(Citation: Lookout-Pegasus)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8ff45341-60d6-40d3-bb38-566814a466f9", + "created": "2020-07-20T13:27:33.552Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can perform primitive emulation checks.(Citation: Talos-WolfRAT)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4", + "created": "2022-04-05T19:38:41.538Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. 
", + "modified": "2022-04-05T19:38:41.538Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe", + "created": "2017-10-25T14:48:53.746Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "A locked bootloader could prevent unauthorized modifications to protected operating system files. ", + "modified": "2022-03-30T20:07:33.678Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58", + "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc", + "created": "2020-09-14T14:13:45.286Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout eSurv", + "url": "https://blog.lookout.com/esurv-research", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[eSurv](https://attack.mitre.org/software/S0507) has exfiltrated data using HTTP PUT requests.(Citation: Lookout eSurv)", + "modified": "2022-04-20T17:33:36.404Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402", + "created": "2021-10-01T14:42:49.178Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect SMS messages.(Citation: SecureList BusyGasper)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9", + "created": "2022-04-05T19:52:32.201Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T19:52:32.201Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1", + "type": "relationship", + "created": "2020-07-15T20:20:59.284Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). 
Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + } + ], + "modified": "2020-07-15T20:20:59.284Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can install attacker-specified components or applications.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3dd0cd4d-bcde-4105-b98e-b32add191083", + "created": "2020-01-27T17:05:58.331Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Trend Micro Bouncing Golf 2019", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) exfiltrates data using HTTP POST requests.(Citation: Trend Micro Bouncing Golf 2019)", + "modified": "2022-04-20T17:39:12.403Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://www.wandera.com/reddrop-malware/", + "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. 
Retrieved September 18, 2018.", + "source_name": "Wandera-RedDrop" + } + ], + "modified": "2019-09-10T13:14:39.009Z", + "description": "[RedDrop](https://attack.mitre.org/software/S0326) captures live recordings of the device's surroundings.(Citation: Wandera-RedDrop)", + "relationship_type": "uses", + "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b", + "type": "relationship", + "created": "2020-12-14T15:02:35.286Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Securelist Asacub", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
+ } + ], + "modified": "2020-12-14T15:02:35.286Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect various pieces of device network configuration information, such as mobile network operator.(Citation: Securelist Asacub)", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b", + "created": "2021-01-05T20:16:20.492Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has registered for device boot, incoming, and outgoing calls broadcast intents.(Citation: Zscaler TikTok Spyware)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631", + "type": "relationship", + "created": "2020-11-24T17:55:12.885Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "modified": "2020-11-24T17:55:12.885Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) has used timers to enable Wi-Fi, ping the C2 server, register the device with the C2, and register wake locks on the system.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527", + "created": "2019-09-04T14:28:16.335Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Monokle", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve nearby cell tower and Wi-Fi network information.(Citation: Lookout-Monokle)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349", + "created": "2020-10-29T19:01:13.826Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Microsoft MalLockerB", + "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/", + "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has registered to receive 14 different broadcast intents for automatically triggering malware payloads. 
(Citation: Microsoft MalLockerB)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3f81a680-3151-4608-b83f-550756632013", + "type": "relationship", + "created": "2020-07-20T13:58:53.604Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-XLoader-FakeSpy", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", + "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-09-24T15:12:24.301Z", + "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s IMEM, ICCID, and MEID.(Citation: TrendMicro-XLoader-FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--718a612e-50c5-40ab-9081-b88cefeafcb6", + "created": "2021-04-26T15:33:55.905Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CitizenLab Circles", + "url": "https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/", + "description": "Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and Ron Deibert. (2020, December 1). Running in Circles Uncovering the Clients of Cyberespionage Firm Circles. Retrieved December 23, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Circles](https://attack.mitre.org/software/S0602) can track the location of mobile devices.(Citation: CitizenLab Circles)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24", + "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31", + "created": "2022-04-06T13:41:17.517Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T13:41:17.517Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb", + "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f", + "type": "relationship", + "created": "2020-07-15T20:20:59.305Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). 
Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + } + ], + "modified": "2020-07-15T20:20:59.305Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) abuses the accessibility service to prevent removing administrator permissions, accessibility permissions, and to set itself as the default SMS handler.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--386b0a9f-9951-4717-8bce-30c8fbe05050", + "type": "relationship", + "created": "2020-06-26T15:32:24.955Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T15:32:24.955Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) uses standard payload and string obfuscation techniques.(Citation: Threat Fabric Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ede5c314-5988-4151-bb30-b6a6983d02c0", + "created": "2020-12-31T18:25:05.164Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has been distributed as updates to legitimate applications. 
This was accomplished by compromising legitimate app developers, and subsequently gaining access to their Google Play Store developer account.(Citation: CYBERWARCON CHEMISTGAMES)", + "modified": "2022-04-15T15:16:53.317Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--15065492-1aef-4cf8-af3c-cc763eee5daf", + "created": "2020-09-24T15:34:51.213Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Dendroid", + "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/", + "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Dendroid](https://attack.mitre.org/software/S0301) can detect if it is being ran on an emulator.(Citation: Lookout-Dendroid)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b53d1c92-b71f-434e-aa4f-08b8db765248", + "type": "relationship", + "created": "2019-07-10T15:25:57.604Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + } + ], + "modified": "2019-08-12T17:30:07.572Z", + "description": "[FinFisher](https://attack.mitre.org/software/S0182) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Gooligan Citation", + "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. 
Retrieved December 12, 2016.", + "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/" + } + ], + "modified": "2019-10-10T15:18:51.154Z", + "description": "[Gooligan](https://attack.mitre.org/software/S0290) executes Android root exploits.(Citation: Gooligan Citation)", + "relationship_type": "uses", + "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57", + "type": "relationship", + "created": "2020-04-08T15:51:25.120Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "ThreatFabric Ginp", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
+ } + ], + "modified": "2020-04-08T15:51:25.120Z", + "description": "[Ginp](https://attack.mitre.org/software/S0423) obfuscates its payload, code, and strings.(Citation: ThreatFabric Ginp)", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695", + "type": "relationship", + "created": "2020-09-11T16:23:16.363Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T16:23:16.363Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can send SMS messages.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0", + "type": "relationship", + "created": "2020-12-14T14:52:03.396Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
+ } + ], + "modified": "2020-12-16T20:52:21.426Z", + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can download additional overlay templates.(Citation: Sophos Red Alert 2.0)", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3bf5a566-986b-478c-b2da-e57caf261378", + "type": "relationship", + "created": "2019-09-03T19:45:48.515Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-09-11T13:25:19.216Z", + "description": " [Exodus](https://attack.mitre.org/software/S0405) Two attempts to elevate privileges by using a modified version of the DirtyCow exploit.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27", + "type": "relationship", + "created": "2020-07-20T13:27:33.488Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-08-10T21:57:54.704Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489)’s code is obfuscated.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8726b157-3575-450f-bb7f-f17bb18e6aef", + "created": "2022-03-30T20:41:43.314Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "New OS releases frequently contain additional limitations or controls around device location access.", + "modified": "2022-03-30T20:41:43.314Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d", + "type": "relationship", + "created": "2021-02-08T16:36:20.774Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "modified": "2021-05-24T13:16:56.495Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted application strings using AES in ECB mode and Blowfish, and stored strings encoded in hex during Operation BULL. Further, in Operation BULL, encryption keys were stored within the application’s launcher icon file.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0", + "created": "2017-10-25T14:48:53.741Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security architecture improvements in each new version of Android and iOS make it more difficult to escalate privileges. 
Additionally, newer versions of Android have strengthened the sandboxing applied to applications, restricting their ability to enumerate file system contents.", + "modified": "2022-03-30T20:25:46.994Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7696b512-ba2f-4310-86e1-7c528529fc5e", + "type": "relationship", + "created": "2020-09-15T15:18:12.425Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." + } + ], + "modified": "2020-09-15T15:18:12.425Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) stores its malicious code in encrypted asset files that are decrypted at runtime. 
Newer versions of [FakeSpy](https://attack.mitre.org/software/S0509) encrypt the C2 address.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1", + "type": "relationship", + "created": "2020-07-20T13:49:03.693Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-XLoader-FakeSpy", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", + "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-09-24T15:12:24.242Z", + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s IMSI and ICCID.(Citation: TrendMicro-XLoader-FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9", + "created": "2022-04-06T13:57:38.847Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T13:57:38.847Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--97738857-d496-4d39-9809-1921e0ad10b7", + "type": "relationship", + "created": "2020-12-31T18:25:05.125Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
+ } + ], + "modified": "2020-12-31T18:25:05.125Z", + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can collect files from the filesystem and account information from Google Chrome.(Citation: CYBERWARCON CHEMISTGAMES)", + "relationship_type": "uses", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9", + "created": "2020-09-15T15:18:12.419Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s contact list.(Citation: Cybereason FakeSpy)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a", + "created": "2022-03-30T19:54:43.835Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates frequently contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. ", + "modified": "2022-03-30T19:54:43.835Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055", + "created": "2020-01-27T17:05:58.310Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Trend Micro Bouncing Golf 2019", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "description": "E. Xu, G. Guo. 
(2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect SMS messages.(Citation: Trend Micro Bouncing Golf 2019)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--818b8c2b-bd23-4a83-9970-d42063608699", + "created": "2020-04-24T15:06:33.393Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device contacts.(Citation: TrendMicro Coronavirus Updates)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91", + "created": "2020-12-18T20:14:47.369Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has registered several broadcast receivers.(Citation: WhiteOps TERRACOTTA)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7", + "created": "2020-07-20T13:27:33.440Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect SMS messages.(Citation: Talos-WolfRAT)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c", + "type": "relationship", + "created": "2020-01-21T15:29:27.041Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." 
+ } + ], + "modified": "2020-01-21T15:29:27.041Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can download attacker-specified files.(Citation: SecureList - ViceLeaker 2019)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) accesses sensitive data in files, such as saving Skype calls by reading them out of the Skype database files.(Citation: Lookout-Pegasus)", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000", + "created": "2022-03-30T15:13:42.462Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T15:13:42.462Z", + "relationship_type": 
"subtechnique-of", + "source_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", + "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164", + "type": "relationship", + "created": "2020-01-27T17:49:05.664Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:49:05.664Z", + "description": "(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd", + "target_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d1318f71-7f70-4820-a3fc-0d05af038733", + "created": "2021-10-01T14:42:49.154Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can perform actions when one of two hardcoded magic SMS strings is received.(Citation: SecureList BusyGasper)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f", + "created": "2019-12-10T16:07:41.083Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecureList DVMap June 2017", + "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", + "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Dvmap](https://attack.mitre.org/software/S0420) can enable installation of apps from unknown sources.(Citation: SecureList DVMap June 2017)", + "modified": "2022-04-15T16:00:59.657Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012", + "type": "relationship", + "created": "2020-12-14T14:52:03.218Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
+ } + ], + "modified": "2020-12-14T14:52:03.218Z", + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can obtain the running application.(Citation: Sophos Red Alert 2.0)", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2", + "type": "relationship", + "created": "2019-11-21T16:42:48.497Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." 
+ } + ], + "modified": "2019-11-21T16:42:48.497Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can take photos from both the front and back cameras.(Citation: SecureList - ViceLeaker 2019)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--68e5789c-9f60-421e-9c79-fae207a29e83", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky-WUC", + "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/", + "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole SMS message content.(Citation: Kaspersky-WUC)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50", + "type": "relationship", + "created": "2021-09-20T13:50:02.036Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
+ } + ], + "modified": "2021-09-20T13:50:02.036Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can make phone calls.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--33316f49-f1fb-453a-9ba7-d6889982a010", + "type": "relationship", + "created": "2020-07-20T13:27:33.459Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." + } + ], + "modified": "2020-08-10T21:57:54.516Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can obtain a list of installed applications.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1", + "created": "2020-10-29T17:48:27.272Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. 
Retrieved October 29, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain a list of installed applications and can detect if an antivirus application is running, and close it if it is.(Citation: Threat Fabric Exobot)", + "modified": "2022-04-15T16:53:00.735Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e", + "type": "relationship", + "created": "2021-02-08T16:36:20.692Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "modified": "2021-05-24T13:16:56.443Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included system information enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c", + "created": "2019-09-03T20:08:00.687Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos Gustuff Apr 2019", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": " [Gustuff](https://attack.mitre.org/software/S0406) can intercept two-factor authentication codes transmitted via SMS.(Citation: Talos Gustuff Apr 2019) ", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--93c20f43-6684-471c-910f-d9577f289677", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "In at least one case, [Stealth Mango](https://attack.mitre.org/software/S0328) may have been installed using physical access to the device by a repair shop.(Citation: Lookout-StealthMango)", + "modified": "2022-04-19T15:47:05.436Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e", + "created": "2022-03-30T20:45:34.433Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android Package Visibility", + "url": "https://developer.android.com/training/package-visibility", + "description": "Google. (n.d.). Package visibility filtering on Android. Retrieved April 11, 2022." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. 
iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)", + "modified": "2022-04-11T19:19:52.562Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--eb052029-e1c9-4f24-8594-299aaec7f1df", + "created": "2020-12-14T14:52:03.351Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s call log.(Citation: Sophos Red Alert 2.0)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae", + "type": "relationship", + "created": "2021-02-17T20:43:52.407Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
+ } + ], + "modified": "2021-02-17T20:43:52.407Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has gathered the device manufacturer, model, and serial number.(Citation: Lookout FrozenCell)", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf", + "type": "relationship", + "created": "2020-09-11T15:43:49.309Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-09-11T15:43:49.309Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can send SMS messages from a device.(Citation: Threat Fabric Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e03b0eb5-32c6-4867-9235-77fe32192983", + "type": "relationship", + "created": "2019-09-04T15:38:56.916Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CyberMerchants-FlexiSpy", + "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", + "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." + } + ], + "modified": "2019-09-10T14:59:26.071Z", + "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can track the device's location.(Citation: CyberMerchants-FlexiSpy)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" + } + ], + "modified": "2019-10-10T15:27:22.174Z", + "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather cellular IDs.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee", + "created": "2020-11-24T17:55:12.895Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can show a phishing WebView pretending to be a Google service that collects credit card information.(Citation: Talos GPlayed)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--716f68ee-1e77-4254-8f67-d8f3c71db678", + "type": "relationship", + "created": "2021-09-20T13:59:00.498Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2021-09-20T13:59:00.498Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via phone call from a set of \"control phones.\"(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42", + "type": "relationship", + "created": "2020-11-10T17:08:35.593Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-11-10T17:08:35.593Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has seen native libraries used in some reported samples (Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9373912a-affa-4a3c-ad97-1b8311e228ee", + "type": "relationship", + "created": "2019-09-04T14:28:15.991Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-09-04T14:32:12.803Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) checks if the device is connected via Wi-Fi or mobile data.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a", + "type": "relationship", + "created": "2019-08-09T17:53:48.716Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": 
"http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.", + "source_name": "TrendMicro-RCSAndroid" + } + ], + "modified": "2019-08-09T17:53:48.716Z", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can capture photos using the front and back cameras.(Citation: TrendMicro-RCSAndroid)", + "relationship_type": "uses", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf", + "type": "relationship", + "created": "2020-09-11T14:54:16.617Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T14:54:16.617Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect account information stored on the device.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7ba30703-c3aa-425a-9482-9e9941fd7038", + "type": "relationship", + "created": "2020-12-24T21:45:56.961Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T21:45:56.961Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access the camera on the device.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f", + "type": "relationship", + "created": "2019-09-23T13:36:08.448Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "source_name": "securelist rotexy 2018" + } + ], + "modified": "2019-10-15T19:56:50.651Z", + "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about the compromised device, including phone number, network operator, OS version, device model, and the device registration country.(Citation: securelist rotexy 2018)", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2e08820f-a81d-480e-9e60-f14db3e49080", + "type": "relationship", + "created": "2019-09-04T14:28:15.909Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + 
"description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-09-04T14:32:12.568Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can take photos and videos.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--44304163-9a44-4760-bd04-0e14adb33299", + "created": "2022-04-01T15:13:40.779Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Trend Micro iOS URL Hijacking", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/", + "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12). iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.", + "modified": "2022-04-01T15:13:40.779Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590", + "created": "2019-09-23T13:36:08.543Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Rotexy](https://attack.mitre.org/software/S0411) can access and upload the contacts list to the command and control server.(Citation: securelist rotexy 2018)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Adware", + "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/", + "description": "Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. Retrieved December 21, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is auto-rooting adware that embeds itself as a system application, making it nearly impossible to remove.(Citation: Lookout-Adware)", + "modified": "2022-04-15T16:00:47.923Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c80a6bef-b3ce-44d0-b113-946e93124898", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c", + "created": "2020-12-14T14:52:03.385Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can fetch a backup C2 domain from Twitter if the primary C2 is unresponsive.(Citation: Sophos Red Alert 2.0)", + "modified": "2022-04-20T17:56:51.457Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "PaloAlto-Xbot", + "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. 
Retrieved December 21, 2016.", + "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Xbot](https://attack.mitre.org/software/S0298) can encrypt the victim's files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.(Citation: PaloAlto-Xbot)", + "relationship_type": "uses", + "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", + "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7a50961b-9be4-4042-a6a0-878b612c520e", + "type": "relationship", + "created": "2019-07-10T15:25:57.602Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + } + ], + "modified": "2019-08-12T17:30:07.571Z", + "description": "[FinFisher](https://attack.mitre.org/software/S0182) uses the device microphone to record phone conversations.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794", + "type": "relationship", + "created": "2020-04-08T15:41:19.451Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
+ } + ], + "modified": "2020-04-08T15:41:19.451Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect the device’s ID.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e", + "created": "2022-04-01T17:05:56.046Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "On Android 11 and up, users are not prompted with the option to select “Allow all the time” and must navigate to the settings page to manually select this option. On iOS 14 and up, users can select whether to provide Precise Location for each installed application. ", + "modified": "2022-04-01T17:05:56.046Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4b838636-bfa4-4592-b72f-3044946b8187", + "created": "2020-09-14T14:13:45.236Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout eSurv", + "url": "https://blog.lookout.com/esurv-research", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate the device’s contact list.(Citation: Lookout eSurv)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1822e616-ae33-487c-8aa6-4fa81e724184", + "created": "2021-02-08T16:36:20.785Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included contact list exfiltration in the malicious apps deployed as part of Operation BULL.(Citation: BlackBerry Bahamut)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) gathers contacts from the system by dumping the victim's address book.(Citation: Lookout-Pegasus)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5e95ca90-bf75-4031-a28f-f8565c02185c", + "created": "2020-11-24T17:55:12.883Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can lock the user out of the device by showing a persistent overlay.(Citation: Talos GPlayed)", + "modified": "2022-04-18T19:24:55.357Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330", + "created": "2022-04-01T15:01:53.321Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores.", + "modified": "2022-04-01T15:01:53.321Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc", + "type": "relationship", + "created": "2020-06-02T14:32:31.871Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Project Zero Insomnia", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", + 
"description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." + } + ], + "modified": "2020-06-24T18:24:35.795Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect application database files, including Gmail, Hangouts, device photos, and container directories of third-party apps.(Citation: Google Project Zero Insomnia)", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ffc24804-42db-4be1-a418-7f5ab9de453c", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-NotCompatible", + "description": "Tim Strazzere. (2014, November 19). The new NotCompatible: Sophisticated and evasive threat harbors the potential to compromise enterprise networks. 
Retrieved December 22, 2016.", + "url": "https://blog.lookout.com/blog/2014/11/19/notcompatible/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[NotCompatible](https://attack.mitre.org/software/S0299) has the capability to exploit systems on an enterprise network.(Citation: Lookout-NotCompatible)", + "relationship_type": "uses", + "source_ref": "malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe", + "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--e3d04885-95a5-47cb-a038-b58542cf787d", + "created": "2019-09-03T19:45:48.487Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can exfiltrate the call log.(Citation: SWB Exodus March 2019) ", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4920a041-86f7-495b-896c-4d964950ed7e", + "type": "relationship", + "created": "2020-12-17T20:15:22.454Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "modified": "2020-12-17T20:15:22.454Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) has contained native libraries.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa", + "type": "relationship", + "created": "2020-11-24T17:55:12.804Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "modified": "2020-11-24T17:55:12.804Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) has the capability to remotely load plugins and download and compile new .NET code.(Citation: Talos GPlayed) ", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4819f391-01de-4525-992b-7e4a4f6667de", + "type": "relationship", + "created": "2020-11-20T15:46:51.603Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-11-20T15:46:51.603Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can take pictures with the camera.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f", + "created": "2021-01-20T16:01:19.488Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Trend Micro Anubis", + "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html", + "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Anubis](https://attack.mitre.org/software/S0422) has used motion sensor data to attempt to determine if it is running in an emulator.(Citation: Trend Micro Anubis)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-BrainTest", + "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. 
Retrieved December 21, 2016.", + "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "Original samples of [BrainTest](https://attack.mitre.org/software/S0293) download their exploit packs for rooting from a remote server after installation.(Citation: Lookout-BrainTest)", + "relationship_type": "uses", + "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "NYTimes-BackDoor", + "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html", + "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted the full contents of text messages.(Citation: NYTimes-BackDoor)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--82555171-8b78-40f3-84d9-058359ae808a", + "type": "relationship", + "created": "2020-09-24T15:34:51.244Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Dendroid", + "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. 
Retrieved December 22, 2016.", + "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" + } + ], + "modified": "2020-09-24T15:34:51.244Z", + "description": "[Dendroid](https://attack.mitre.org/software/S0301) can send and block SMS messages.(Citation: Lookout-Dendroid)", + "relationship_type": "uses", + "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--327d0102-2113-4e12-be68-504db097a6fd", + "created": "2019-08-07T15:57:13.409Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky Riltok June 2019", + "url": "https://securelist.com/mobile-banker-riltok/91374/", + "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Riltok](https://attack.mitre.org/software/S0403) communicates with the command and control server using HTTP requests.(Citation: Kaspersky Riltok June 2019)", + "modified": "2022-04-19T20:05:59.204Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea", + "created": "2022-04-06T13:40:14.515Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android 10 Privacy Changes", + "url": "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data", + "description": "Android Developers. (n.d.). Privacy changes in Android 10. Retrieved September 11, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 10 prevents applications from accessing clipboard data unless the application is on the foreground or is set as the device’s default input method editor (IME).(Citation: Android 10 Privacy Changes)", + "modified": "2022-04-06T13:40:14.515Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b", + "created": "2020-11-24T18:18:33.772Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Exobot](https://attack.mitre.org/software/S0522) can request device administrator permissions.(Citation: Threat Fabric Exobot)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--03ff6271-d7bc-40f3-b83d-25c541333694", + "type": "relationship", + "created": "2019-11-19T17:32:20.701Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2019-12-26T16:14:33.468Z", + "description": "If a user sees a persistent notification they do not recognize, they should uninstall the source application and look for other unwanted applications or anomalies.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb", + "type": "relationship", + "created": "2020-01-27T17:05:58.308Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:05:58.308Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encodes its configurations using a customized algorithm.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f", + "created": "2020-10-29T19:01:13.839Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Microsoft MalLockerB", + "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/", + "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) can prevent the user from interacting with the UI by using a carefully crafted \"call\" notification screen. This is coupled with overriding the `onUserLeaveHint()` callback method to spawn a new notification instance when the current one is dismissed. 
(Citation: Microsoft MalLockerB)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce", + "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71", + "created": "2022-04-18T15:49:00.561Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download text files with commands from an FTP server and exfiltrate data via email.(Citation: SecureList BusyGasper)", + "modified": "2022-04-18T15:49:00.561Z", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--72a88d43-4144-444e-8f71-ac0d19ae3710", + "type": "relationship", + "created": "2020-09-14T14:13:45.256Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout eSurv", + "url": 
"https://blog.lookout.com/esurv-research", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." + } + ], + "modified": "2020-09-14T14:13:45.256Z", + "description": "[eSurv](https://attack.mitre.org/software/S0507) can track the device’s location.(Citation: Lookout eSurv)", + "relationship_type": "uses", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80", + "created": "2022-03-31T19:51:41.431Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "iOS users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.", + "modified": "2022-03-31T19:51:41.431Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c6464a84-e23b-412f-b435-5b23853d3643", + "created": "2020-09-14T13:35:45.909Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "ESET-Twitoor", + "url": 
"http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/", + "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Twitoor](https://attack.mitre.org/software/S0302) encrypts its C2 communication.(Citation: ESET-Twitoor)", + "modified": "2022-04-20T12:58:23.550Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c", + "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--88ded3fb-759e-4e96-946b-e7148c54856e", + "created": "2022-04-08T16:29:30.371Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-08T16:29:30.371Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5b235ed4-548d-49f2-ae01-1874666e6747", + "created": "2022-03-30T19:51:56.543Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T19:51:56.543Z", + "relationship_type": "subtechnique-of", + "source_ref": 
"attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bd351b17-e995-4528-bbea-e1138c51476a", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" + } + ], + "modified": "2019-08-09T17:56:05.683Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) exfiltrates data from over 40 apps such as WeChat, Facebook, WhatsApp, Skype, and others.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae", + "created": "2019-09-04T20:01:42.753Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Nightwatch screencap April 2016", + "url": "https://wwws.nightwatchcybersecurity.com/2016/04/13/research-securing-android-applications-from-screen-capture/", + "description": "Nightwatch Cybersecurity. 
(2016, April 13). Research: Securing Android Applications from Screen Capture (FLAG_SECURE). Retrieved November 5, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Application developers can apply the `FLAG_SECURE` property to sensitive screens within their apps to make it more difficult for the screen contents to be captured.(Citation: Nightwatch screencap April 2016) ", + "modified": "2022-04-01T13:31:59.712Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--34b6abb0-d199-46bb-af21-b65560e75658", + "created": "2022-04-01T19:06:40.361Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T19:06:40.361Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c", + "created": "2022-04-01T14:59:39.294Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Apple regularly provides security updates for known OS vulnerabilities.", + "modified": 
"2022-04-01T14:59:39.294Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7", + "type": "relationship", + "created": "2019-03-11T15:13:40.425Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. Retrieved November 30, 2018.", + "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A", + "source_name": "TrendMicro-Anserver2" + } + ], + "modified": "2019-10-15T19:55:04.517Z", + "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device OS version, device build version, manufacturer, and model.(Citation: TrendMicro-Anserver2)", + "relationship_type": "uses", + "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2f55e452-f8b3-402b-a193-d261dac9f327", + "created": "2022-04-01T18:53:48.715Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T18:53:48.715Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "target_ref": 
"attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler-SpyNote", + "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app", + "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can read SMS messages.(Citation: Zscaler-SpyNote)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e", + "created": "2022-03-30T18:15:03.625Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T18:15:03.625Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky-WUC", + "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/", + "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole contact list data stored both on the the phone and the SIM card.(Citation: Kaspersky-WUC)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--65acbbe2-48e1-4fba-a781-39fb040a711d", + "type": "relationship", + "created": "2019-09-03T19:45:48.505Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-09-11T13:25:19.178Z", + "description": " [Exodus](https://attack.mitre.org/software/S0405) One, after checking in, sends a POST request and then downloads [Exodus](https://attack.mitre.org/software/S0405) Two, the second stage binaries.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd", + "created": "2021-01-05T20:16:20.488Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can launch a fake Facebook login page.(Citation: Zscaler TikTok Spyware)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8", + "created": "2022-04-15T15:57:32.958Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can enable app installation from unknown sources.(Citation: Bitdefender Mandrake)", + "modified": "2022-04-15T15:57:32.958Z", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e3a961ec-8184-4143-b8c2-c33ea0503678", + "type": "relationship", + "created": "2020-09-24T15:34:51.315Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Dendroid", + "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. 
Retrieved December 22, 2016.", + "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" + } + ], + "modified": "2020-09-24T15:34:51.315Z", + "description": "[Dendroid](https://attack.mitre.org/software/S0301) can take photos and record videos.(Citation: Lookout-Dendroid)", + "relationship_type": "uses", + "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4", + "type": "relationship", + "created": "2019-09-03T19:45:48.485Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-09-11T13:25:19.117Z", + "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can obtain a list of installed applications.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51", + "created": "2020-12-14T14:52:03.359Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP.(Citation: Sophos Red Alert 2.0)", + "modified": "2022-04-19T20:20:46.694Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "FireEye-RuMMS", + "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html", + "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[RuMMS](https://attack.mitre.org/software/S0313) uploads incoming SMS messages to a remote command and control server.(Citation: FireEye-RuMMS)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--209aa948-393c-46b0-9488-ef93a6252438", + "created": "2022-03-30T20:07:19.296Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T20:07:19.296Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1cca5e17-80ae-4b6e-8919-2768153aa966", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "PaloAlto-Xbot", + "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/", + "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). 
New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Xbot](https://attack.mitre.org/software/S0298) uses phishing pages mimicking Google Play's payment interface as well as bank login pages.(Citation: PaloAlto-Xbot)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky-WUC", + "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/", + "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole call logs.(Citation: Kaspersky-WUC)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506", + "type": "relationship", + "created": "2020-11-20T16:37:28.567Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-11-20T16:37:28.567Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has encrypted exfiltrated data using AES in ECB mode.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--10c07066-df05-4dff-bb95-c76be02ea4ef", + "created": "2020-09-14T14:13:45.291Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout eSurv", + "url": "https://blog.lookout.com/esurv-research", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[eSurv](https://attack.mitre.org/software/S0507) imposes geo-restrictions when delivering the second stage.(Citation: Lookout eSurv)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a285f343-09c3-49af-9c18-1dccf89e9009", + "type": "relationship", + "created": "2020-11-20T16:37:28.391Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-11-20T16:37:28.391Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect a directory listing of external storage.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--48854999-1c12-4454-bb7c-051691a081f9", + "created": "2022-03-28T19:25:49.640Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Ensure Verified Boot is enabled on devices with that capability.", + "modified": "2022-03-28T19:25:49.640Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", + "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--24a7379e-a994-411b-b17c-add6c6c6fc07", + "type": "relationship", + "created": "2020-12-24T21:45:56.949Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020." + } + ], + "modified": "2020-12-24T21:45:56.949Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) has hidden malicious functionality in a second stage file and has encrypted C2 server information.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8", + "created": "2022-04-01T15:16:02.324Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "iOS Universal Links", + "url": "https://developer.apple.com/ios/universal-links/", + "description": "Apple. (n.d.). Universal Links for Developers. Retrieved September 11, 2020." + }, + { + "source_name": "Android App Links", + "url": "https://developer.android.com/training/app-links/verify-site-associations", + "description": "Google. (n.d.). Verify Android App Links. Retrieved September 11, 2020." + }, + { + "source_name": "IETF-PKCE", + "url": "https://tools.ietf.org/html/rfc7636", + "description": "N. Sakimura, J. Bradley, and N. Agarwal. (2015, September). IETF RFC 7636: Proof Key for Code Exchange by OAuth Public Clients. Retrieved December 21, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Developers should use Android App Links(Citation: Android App Links) and iOS Universal Links(Citation: iOS Universal Links) to provide a secure binding between URIs and applications, preventing malicious applications from intercepting redirections. Additionally, for OAuth use cases, PKCE(Citation: IETF-PKCE) should be used to prevent use of stolen authorization codes. 
", + "modified": "2022-04-01T15:16:02.324Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", + "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--efd35b6f-7a61-4998-97ff-608547e40f66", + "created": "2019-10-01T14:23:44.054Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": " [Rotexy](https://attack.mitre.org/software/S0411) encrypts JSON HTTP payloads with AES.(Citation: securelist rotexy 2018) ", + "modified": "2022-04-18T16:07:57.631Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5", + "created": "2022-04-06T15:47:06.163Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:47:06.163Z", + "relationship_type": 
"subtechnique-of", + "source_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", + "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1", + "created": "2020-07-15T20:20:59.227Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access SMS messages.(Citation: Bitdefender Mandrake)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209", + "type": "relationship", + "created": "2020-04-24T15:06:33.449Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T15:06:33.450Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device network configuration information, such as Wi-Fi SSID and IMSI.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6", + "created": "2020-09-11T16:22:03.266Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect SMS messages.(Citation: Lookout ViperRAT)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ca486783-9413-4f39-8d2f-3adcb3e79127", + "type": "relationship", + "created": "2020-12-24T21:55:56.657Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2020-12-24T21:55:56.657Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used an AES encrypted file in the assets folder with an unsuspecting name (e.g. 
‘GoogleMusic.png’) for holding configuration and C2 information.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--e4019493-bd52-4011-9355-8902be6ff3f3", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "PaloAlto-SpyDealer", + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) registers the broadcast receiver to listen for events related to device boot-up.(Citation: PaloAlto-SpyDealer)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86", + "created": "2022-04-06T13:55:37.498Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be advised that applications generally do 
not require permission to send SMS messages.", + "modified": "2022-04-06T13:55:37.498Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-07-16T15:35:21.063Z", + "description": "(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12", + "target_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--cd7a2294-1e14-42e8-b870-d99d73443b88", + "created": "2022-04-01T12:37:42.068Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be taught the danger behind granting unnecessary permissions to an application and should be advised to use extra scrutiny when an application requests them. 
", + "modified": "2022-04-01T12:37:42.068Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "PaloAlto-DualToy", + "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. Retrieved January 24, 2017.", + "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[DualToy](https://attack.mitre.org/software/S0315) side loads malicious or risky apps to both Android and iOS devices via a USB connection.(Citation: PaloAlto-DualToy)", + "relationship_type": "uses", + "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878", + "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1", + "created": "2020-12-24T21:45:56.920Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": 
"https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SilkBean](https://attack.mitre.org/software/S0549) has attempted to trick users into enabling installation of applications from unknown sources.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "ArsTechnica-HummingBad", + "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/", + "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[HummingBad](https://attack.mitre.org/software/S0322) can create fraudulent statistics inside the official Google Play Store.(Citation: ArsTechnica-HummingBad)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4df6a22e-489f-400c-b953-cc53bfb708a3", + "type": "relationship", + "created": "2020-09-14T14:13:45.296Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout eSurv", + "url": "https://blog.lookout.com/esurv-research", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-14T14:13:45.296Z", + "description": "[eSurv](https://attack.mitre.org/software/S0507)’s iOS version can collect device information.(Citation: Lookout eSurv)", + "relationship_type": "uses", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--694857ba-92e8-462e-8900-a9f6fdcf495d", + "type": "relationship", + "created": "2020-12-31T18:25:05.133Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." + } + ], + "modified": "2020-12-31T18:25:05.133Z", + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has encrypted its DEX payload.(Citation: CYBERWARCON CHEMISTGAMES)", + "relationship_type": "uses", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--352fabc8-48fe-4190-92b3-49b00348bb22", + "created": "2019-03-11T15:13:40.454Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "TrendMicro-Anserver", + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-uses-blog-posts-as-cc/", + "description": "Karl Dominguez. (2011, October 2). 
Android Malware Uses Blog Posts as C&C. Retrieved February 6, 2017." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) uses encrypted content within a blog site for part of its command and control. Specifically, the encrypted content contains URLs for other servers to be used for other aspects of command and control.(Citation: TrendMicro-Anserver)", + "modified": "2022-04-18T19:04:48.388Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8", + "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db", + "type": "relationship", + "created": "2019-08-09T17:59:48.988Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2019-08-09T17:59:48.988Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record and take pictures using the front and back cameras.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--fb1fe91d-0997-4403-b2a6-88400f174791", + "created": "2020-05-07T15:06:51.458Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Bread", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", + "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Bread](https://attack.mitre.org/software/S0432) had many fake reviews and ratings on the Play Store.(Citation: Google Bread) ", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--891edea2-817c-4eeb-9991-b6e095c269a8", + "created": "2020-06-02T14:32:31.903Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Project Zero Insomnia", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", + "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve the call history.(Citation: Google Project Zero Insomnia)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6cace9e3-f095-4914-bddc-24cec8bcc859", + "type": "relationship", + "created": "2020-09-24T15:34:51.276Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Dendroid", + "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. 
Retrieved December 22, 2016.", + "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" + } + ], + "modified": "2020-09-24T15:34:51.276Z", + "description": "[Dendroid](https://attack.mitre.org/software/S0301) can collect the device’s photos, browser history, bookmarks, and accounts stored on the device.(Citation: Lookout-Dendroid)", + "relationship_type": "uses", + "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3", + "created": "2021-02-08T16:36:20.788Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included keylogging capabilities as part of Operation ROCK.(Citation: BlackBerry Bahamut)", + "modified": "2022-04-15T17:35:26.197Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "PaloAlto-Xbot", + "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/", + "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Xbot](https://attack.mitre.org/software/S0298) steals all SMS message and contact information as well as intercepts and parses certain SMS messages.(Citation: PaloAlto-Xbot)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce", + "created": "2022-04-01T18:42:50.381Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Providing user guidance around commonly abused features, such as the modal that requests for administrator permissions, should aid in preventing impairing defenses.", + "modified": "2022-04-01T18:42:50.381Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8", + "created": "2019-11-21T16:42:48.459Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "description": 
"GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can delete arbitrary files from the device.(Citation: SecureList - ViceLeaker 2019)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9", + "created": "2019-07-16T14:33:12.113Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Krebs-Triada June 2019", + "url": "https://krebsonsecurity.com/2019/06/tracing-the-supply-chain-attack-on-android-2/", + "description": "Krebs, B. (2019, June 25). Tracing the Supply Chain Attack on Android. Retrieved July 16, 2019." + }, + { + "source_name": "Google Triada June 2019", + "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", + "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Triada](https://attack.mitre.org/software/S0424) was added into the Android system by a third-party vendor identified as Yehuo or Blazefire during the production process.(Citation: Google Triada June 2019)(Citation: Krebs-Triada June 2019)", + "modified": "2022-04-19T15:47:32.152Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", + "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "FireEye-RuMMS", + "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. 
Retrieved February 6, 2017.", + "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers device model and operating system version information and transmits it to a command and control server.(Citation: FireEye-RuMMS)", + "relationship_type": "uses", + "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bba8b056-acbe-4fed-b890-965a446d7a3c", + "created": "2022-04-01T18:45:00.923Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be warned against granting access to accessibility features and device administration services, and to carefully scrutinize applications that request these dangerous permissions. 
Users should be taught how to boot into safe mode to uninstall malicious applications that may be interfering with the uninstallation process.", + "modified": "2022-04-01T18:45:00.923Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11", + "created": "2022-09-29T20:08:54.389Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Cylance Dust Storm", + "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.", + "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2022-09-30T18:38:37.195Z", + "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of exfiltrating specific files directly from the infected devices.(Citation: Cylance Dust Storm)", + "relationship_type": "uses", + "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": 
"relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6", + "created": "2022-04-01T14:59:53.782Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Device attestation can often detect jailbroken devices.", + "modified": "2022-04-01T14:59:53.782Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6d659130-545b-4917-891c-6c1b7d54ed07", + "type": "relationship", + "created": "2021-01-05T20:16:20.505Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
+ } + ], + "modified": "2021-01-05T20:16:20.505Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can send SMS messages.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6d88242f-e45b-481c-bd41-b66a662618ce", + "created": "2022-04-06T13:57:24.730Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T13:57:24.730Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0", + "created": "2020-12-24T21:55:56.741Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the contact list.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--90d4d964-efa2-46ac-adc2-759886e07158", + "created": "2020-10-29T17:48:27.325Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Exobot](https://attack.mitre.org/software/S0522) has used HTTPS for C2 communication.(Citation: Threat Fabric Exobot)", + "modified": "2022-04-19T20:13:03.349Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a", + "created": "2020-06-26T15:32:24.962Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Cerberus](https://attack.mitre.org/software/S0480) hides its icon from the application drawer after being launched for the first time.(Citation: Threat Fabric Cerberus)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e", + "created": "2022-03-30T19:29:07.379Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.", + "modified": "2022-03-30T19:29:07.379Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--05563777-5771-4bd6-a1af-3e244cf42372", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Xiao-KeyRaider", + "description": "Claud Xiao. (2015, August 30). 
KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. Retrieved December 12, 2016.", + "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288) samples search to find the Apple account's username, password and device's GUID in data being transferred.(Citation: Xiao-KeyRaider)", + "relationship_type": "uses", + "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c", + "created": "2022-04-01T18:48:03.156Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T18:48:03.156Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5107be8a-b5fc-4442-af0d-2c92e086a912", + "type": "relationship", + "created": "2020-05-11T16:13:43.062Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CheckPoint Agent Smith", + "url": 
"https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." + } + ], + "modified": "2020-05-11T16:13:43.062Z", + "description": "[Agent Smith](https://attack.mitre.org/software/S0440) checks if a targeted application is running in user-space prior to infection.(Citation: CheckPoint Agent Smith) ", + "relationship_type": "uses", + "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad", + "created": "2021-10-01T14:42:49.159Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can utilize the device’s sensors to determine when the device is in use and subsequently hide malicious activity. 
When active, it attempts to hide its malicious activity by turning the screen’s brightness as low as possible and muting the device.(Citation: SecureList BusyGasper)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3", + "created": "2020-12-14T14:52:03.283Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP requests over port 7878.(Citation: Sophos Red Alert 2.0)", + "modified": "2022-04-20T16:43:23.973Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c", + "type": "relationship", + "created": "2020-07-27T14:14:56.954Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Security Zen", + "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", + "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." 
+ } + ], + "modified": "2020-08-10T22:18:20.777Z", + "description": "[Zen](https://attack.mitre.org/software/S0494) can obtain root access via a rooting trojan in its infection chain.(Citation: Google Security Zen)", + "relationship_type": "uses", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0bb6f851-4302-4936-a98e-d23feecb234d", + "type": "relationship", + "created": "2020-06-02T14:32:31.777Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Volexity Insomnia", + "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", + "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." 
+ } + ], + "modified": "2020-06-02T14:32:31.777Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) exploits a WebKit vulnerability to achieve root access on the device.(Citation: Volexity Insomnia)", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--554ec347-c8b2-43da-876b-36608dcc543d", + "created": "2017-10-25T14:48:53.746Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "TelephonyManager", + "url": "https://developer.android.com/reference/android/telephony/TelephonyManager.html", + "description": "Android. (n.d.). TelephonyManager. Retrieved December 21, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 10 introduced changes that prevent normal applications from accessing sensitive device identifiers.(Citation: TelephonyManager) ", + "modified": "2022-03-30T21:04:59.921Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4", + "type": "relationship", + "created": "2020-09-11T15:57:37.770Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecurityIntelligence 
TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." + } + ], + "modified": "2020-09-11T15:57:37.770Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can delete SMS messages.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794", + "type": "relationship", + "created": "2019-11-21T16:42:48.488Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "source_name": "SecureList - ViceLeaker 2019" + }, + { + "source_name": "Bitdefender - Triout 2018", + "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", + "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." 
+ } + ], + "modified": "2020-01-21T14:20:50.474Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can record audio from the device’s microphone and can record phone calls together with the caller ID.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce", + "type": "relationship", + "created": "2019-09-04T14:28:15.975Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-10-14T17:51:38.054Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) queries the device for metadata such as make, model, and power levels.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e0f58ab7-b246-4c41-9afc-89b582590809", + "type": "relationship", + "created": "2020-12-18T20:14:47.374Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { 
@@ -34380,14 +38213,82 @@ "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." } ], - "modified": "2020-12-18T20:14:47.412Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has included native modules.(Citation: WhiteOps TERRACOTTA)", + "modified": "2020-12-18T20:14:47.374Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can download additional modules at runtime via JavaScript `eval` statements.(Citation: WhiteOps TERRACOTTA)", "relationship_type": "uses", "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "TrendMicro-XLoader", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/", + "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) requests Android Device Administrator access.(Citation: TrendMicro-XLoader)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1", + "type": "relationship", + "created": "2020-11-24T17:55:12.887Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "modified": "2020-11-24T17:55:12.887Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s model, country, and Android version.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec", + "created": "2022-04-01T15:54:48.924Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Applications very rarely require administrator permission. Developers should be cautioned against using this higher degree of access to avoid being flagged as a potentially malicious application. ", + "modified": "2022-04-01T15:54:48.924Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", + "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
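Review bot: The relationship objects added in this hunk do not share one shape. `relationship--eb27258f-…` (XLoader) and `relationship--54ce9375-…` carry `"x_mitre_deprecated": false`, `"revoked": false` and `"x_mitre_attack_spec_version": "2.1.0"`, while `relationship--bbe1af69-…` (GPlayed), added alongside them, has none of the three. A consumer that filters out revoked or deprecated objects before building coverage or detection mappings has to treat a missing key as `false`; a strict lookup will either fail or silently drop the older-shaped objects. This is presumably an export artifact of when each object was last saved. If the exporter can normalise, emitting `"x_mitre_deprecated": false, "revoked": false` on every relationship would remove the ambiguity; otherwise the default belongs in the release notes.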
@@ -34418,23 +38319,26 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451", "type": "relationship", - "created": "2019-10-10T15:03:27.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "id": "relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936", + "created": "2019-08-29T18:57:55.926Z", + "x_mitre_version": "1.0", "external_references": [ { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." + "source_name": "Samsung Keyboards", + "url": "https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-", + "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019." } ], - "modified": "2019-10-10T15:03:27.682Z", - "description": "[Exodus](https://attack.mitre.org/software/S0405) One encrypts data using XOR prior to exfiltration.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", - "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards) An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. 
", + "modified": "2022-04-05T19:41:57.905Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
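Review bot: In the new `description` of `relationship--0fd34764-…`, the sentence about `DevicePolicyManager.setPermittedAccessibilityServices` comes after the `(Citation: Samsung Keyboards)` marker and has no reference of its own, and `external_references` lists only the Samsung article. It needs its own entry pointing at the Android DevicePolicyManager reference, cited after that sentence. The text also covers keyboard allow-listing only for Samsung Knox. If the mitigated technique includes third-party keyboards (the target is not identifiable from this hunk), the stock-Android counterpart `DevicePolicyManager.setPermittedInputMethods` is worth naming too. Two small nits: the description value ends in trailing whitespace, and the citation text reads `whitelisted.. Retrieved` with a doubled period. The object opens before the hunk.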
@@ -34442,23 +38346,49 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956", - "created": "2020-11-24T17:55:12.873Z", + "id": "relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1", + "created": "2019-09-04T15:38:57.037Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." + "source_name": "FlexiSpy-Features", + "url": "https://www.flexispy.com/en/features-overview.htm", + "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[GPlayed](https://attack.mitre.org/software/S0536) has communicated with the C2 using HTTP requests or WebSockets as a backup.(Citation: Talos GPlayed) ", - "modified": "2022-04-19T20:04:57.164Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record keystrokes and analyze them for keywords.(Citation: FlexiSpy-Features)", + "modified": "2022-04-15T17:34:17.813Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--605d95a1-0493-418e-9d81-de58531c4421", + "created": "2020-04-24T15:12:11.217Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": 
"TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Concipit1248](https://attack.mitre.org/software/S0426) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)", + "modified": "2022-04-19T20:11:19.381Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853", "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -34467,25 +38397,48 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73", "type": "relationship", - "id": "relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2", - "created": "2020-12-24T22:04:28.027Z", + "created": "2020-07-20T14:12:15.566Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Check Point-Joker", + "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/", + "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020." + } + ], + "modified": "2020-07-20T14:12:15.566Z", + "description": "[Bread](https://attack.mitre.org/software/S0432) can collect device notifications.(Citation: Check Point-Joker)", + "relationship_type": "uses", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--19df76ee-fa85-43cf-96ce-422d46f29a13", + "created": "2017-12-14T16:46:06.044Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ "source_name": "Lookout-PegasusAndroid", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has modified or configured proxy information.(Citation: Lookout Uyghur Campaign) ", - "modified": "2022-04-12T10:01:44.682Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) listens for the `BOOT_COMPLETED` broadcast intent in order to maintain persistence and activate its functionality at device boot time.(Citation: Lookout-PegasusAndroid)", + "modified": "2022-04-19T16:54:05.627Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -34493,86 +38446,24 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--bee919a6-c488-49a0-9848-fff19aa2c276", "type": "relationship", - "created": "2021-09-24T14:47:34.449Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2021-10-04T20:08:48.556Z", - "description": "Mobile security products can often detect rooted devices.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c", - "type": "relationship", - "created": "2019-09-04T15:38:56.946Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "FlexiSpy-Features", - "url": "https://www.flexispy.com/en/features-overview.htm", - "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." 
- } - ], - "modified": "2019-09-10T14:59:26.136Z", - "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can retrieve a list of installed applications.(Citation: FlexiSpy-Features) ", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6ce36374-2ff6-4b41-8493-148416153232", - "type": "relationship", - "created": "2020-07-20T13:27:33.443Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "modified": "2020-08-10T21:57:54.526Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect user account, photos, browser history, and arbitrary files.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c", - "created": "2017-12-14T16:46:06.044Z", + "id": "relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438", + "created": "2018-10-17T00:14:20.652Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Zscaler-SpyNote", - "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app", - "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017." + "source_name": "PaloAlto-SpyDealer", + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018." 
} ], "x_mitre_deprecated": false, "revoked": false, - "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can view contacts.(Citation: Zscaler-SpyNote)", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests contact lists from victims.(Citation: PaloAlto-SpyDealer)", "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" @@ -34582,16 +38473,16 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112", - "created": "2022-04-05T19:59:03.285Z", + "id": "relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca", + "created": "2022-04-06T13:22:57.754Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, "description": "", - "modified": "2022-04-05T19:59:03.285Z", + "modified": "2022-04-06T13:22:57.754Z", "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", - "target_ref": "attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26", + "source_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120", + "target_ref": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -34627,27 +38518,8 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--d6be8665-afbb-4be5-a56a-493af01b120a", - "created": "2022-03-30T15:52:29.935Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security products can potentially detect jailbroken or rooted devices.", - "modified": "2022-03-30T15:52:29.935Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b", - "created": "2021-02-17T20:49:24.542Z", + "id": "relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb", + "created": "2020-12-24T22:04:28.024Z", "x_mitre_version": "1.0", "external_references": [ { 
@@ -34658,730 +38530,12 @@ ], "x_mitre_deprecated": false, "revoked": false, - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) can run arbitrary shell commands.(Citation: Lookout Uyghur Campaign)", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected call logs.(Citation: Lookout Uyghur Campaign)", "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545", - "created": "2019-09-23T13:36:08.429Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Rotexy](https://attack.mitre.org/software/S0411) processes incoming SMS messages by filtering based on phone numbers, keywords, and regular expressions, focusing primarily on banks, payment systems, and mobile network operators. 
[Rotexy](https://attack.mitre.org/software/S0411) can also send a list of all SMS messages on the device to the command and control server.(Citation: securelist rotexy 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses contact list information.(Citation: Lookout-PegasusAndroid)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37", - "type": "relationship", - "created": "2020-05-07T15:24:49.583Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2020-05-27T13:23:34.544Z", - "description": "Many vulnerabilities related to injecting code into existing applications have been patched in previous Android releases.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd", - "created": "2022-04-01T15:03:02.553Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T15:03:02.553Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", - "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", - "x_mitre_attack_spec_version": "2.1.0", - 
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070", - "created": "2020-12-18T20:14:47.302Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used Firebase for C2 communication.(Citation: WhiteOps TERRACOTTA)", - "modified": "2022-04-18T19:18:56.475Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3", - "created": "2020-11-24T17:55:12.830Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can read SMS messages.(Citation: Talos GPlayed)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--242dc659-c205-4e9e-95f9-14fee66195af", - "created": "2022-04-01T15:29:36.082Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Configuration of per-app VPN policies instead of device-wide VPN can restrict access to internal enterprise resource access via VPN to only enterprise-approved applications", - "modified": "2022-04-01T15:29:36.082Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798", - "type": "relationship", - "created": "2020-10-29T19:01:13.854Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Microsoft MalLockerB", - "url": 
"https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/", - "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020." - } - ], - "modified": "2020-10-29T19:01:13.854Z", - "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has employed both name mangling and meaningless variable names in source. [AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has stored encrypted payload code in the Assets directory, coupled with a custom decryption routine that assembles a .dex file by passing data through Android Intent objects. (Citation: Microsoft MalLockerB)", - "relationship_type": "uses", - "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9", - "type": "relationship", - "created": "2020-09-11T14:54:16.548Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T14:54:16.548Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can obtain a list of installed applications.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c", - "type": "relationship", - "created": "2019-07-10T15:35:43.631Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-08-09T18:06:11.741Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) queries the device for metadata, such as device ID, OS version, and the number of cameras.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--69de3f7e-faa7-4342-b755-4777a68fd89b", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Zscaler-SuperMarioRun", - "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat", - "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[DroidJack](https://attack.mitre.org/software/S0320) is capable of recording device phone calls.(Citation: Zscaler-SuperMarioRun)", - "modified": "2022-05-20T17:13:16.508Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e", - "created": "2022-03-30T19:29:07.379Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.", - "modified": "2022-03-30T19:29:07.379Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd", - "type": "relationship", - "created": "2019-07-10T15:35:43.699Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et 
al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-08-09T18:06:11.839Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) captures audio from the device microphone.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4", - "type": "relationship", - "created": "2020-09-11T15:57:37.770Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-09-11T15:57:37.770Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can delete SMS messages.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2018-10-17T00:14:20.652Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431", - "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4", - "type": "relationship", - "created": "2021-10-01T14:42:48.815Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "modified": "2021-10-01T14:42:48.815Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can record from the device’s camera.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f", - "type": "relationship", - "created": "2020-12-24T22:04:28.002Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T22:04:28.002Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has sent messages to an attacker-controlled number.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f62e0aaf-e52f-40b9-a059-001f298a0660", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky-Skygofree", - "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", - "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions.(Citation: Kaspersky-Skygofree)", - "modified": "2022-04-19T20:22:47.253Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db", - "type": "relationship", - "created": "2019-08-09T17:59:48.988Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2019-08-09T17:59:48.988Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record and take pictures using the front and back cameras.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5ced57a7-b674-40d4-98b8-a090963a6ade", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" - } - ], - "modified": "2019-09-18T13:45:58.872Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) abuses Accessibility features to steal messages from popular apps such as WeChat, Skype, Viber, and QQ.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556", - "created": "2019-09-04T15:38:56.678Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "FlexiSpy-Features", - "url": "https://www.flexispy.com/en/features-overview.htm", - "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." - }, - { - "source_name": "FortiGuard-FlexiSpy", - "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", - "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) is capable of hiding SuperSU's icon if it is installed and visible.(Citation: FortiGuard-FlexiSpy) [FlexiSpy](https://attack.mitre.org/software/S0408) can also hide its own icon to make detection and the uninstallation process more difficult.(Citation: FlexiSpy-Features)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396", - "type": "relationship", - "created": "2020-12-14T15:02:35.304Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Securelist Asacub", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
- } - ], - "modified": "2020-12-14T15:02:35.304Z", - "description": "[Asacub](https://attack.mitre.org/software/S0540) has stored encrypted strings in the APK file.(Citation: Securelist Asacub)", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3abc80ad-4ea0-4e91-a170-f040469c2083", - "type": "relationship", - "created": "2020-07-20T13:27:33.483Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." - } - ], - "modified": "2020-08-10T21:57:54.688Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can take photos and videos.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f", - "type": "relationship", - "created": "2020-12-24T22:04:28.005Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. 
Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "modified": "2020-12-24T22:04:28.005Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken photos with the device camera.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3", - "created": "2021-02-08T16:36:20.788Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included keylogging capabilities as part of Operation ROCK.(Citation: BlackBerry Bahamut)", - "modified": "2022-04-15T17:35:26.197Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645", - "type": "relationship", - "created": "2021-02-08T16:36:20.655Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
- } - ], - "modified": "2021-05-24T13:16:56.410Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included phone call and audio recording capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93", - "type": "relationship", - "created": "2020-09-11T15:50:18.937Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "source_name": "ThreatFabric Ginp" - } - ], - "modified": "2020-09-11T15:50:18.937Z", - "description": "[Ginp](https://attack.mitre.org/software/S0423) can send SMS messages.(Citation: ThreatFabric Ginp)", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8", - "type": "relationship", - "created": "2019-09-04T15:38:56.994Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "FlexiSpy-Features", - "url": 
"https://www.flexispy.com/en/features-overview.htm", - "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." - } - ], - "modified": "2019-09-10T14:59:26.171Z", - "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can take screenshots of other applications.(Citation: FlexiSpy-Features) ", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--63e67cba-4eae-4495-8897-2610103a0c41", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) exploits iOS vulnerabilities to escalate privileges.(Citation: Lookout-Pegasus)", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54", - "type": "relationship", - "created": "2021-10-01T14:42:48.744Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "modified": "2021-10-01T14:42:48.744Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can record audio.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59", - "created": "2020-11-24T18:18:33.743Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Exobot](https://attack.mitre.org/software/S0522) has used web injects to capture users’ credentials.(Citation: Threat Fabric Exobot)", - "modified": "2022-04-15T17:39:22.154Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -35390,893 +38544,9 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408", - "created": "2017-12-14T16:46:06.044Z", + "id": "relationship--10560632-6449-4579-90eb-20fc46dcca08", + "created": "2020-10-29T19:21:23.200Z", "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) monitors the connection state and tracks which types of networks the phone is connected to, potentially to determine the bandwidth and ability to send full data across the network.(Citation: Lookout-Pegasus)", - "modified": "2022-04-15T19:47:48.036Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9", - "created": "2022-03-28T19:32:05.234Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Application developers should be cautious when selecting third-party libraries to integrate into their application.", - "modified": "2022-03-28T19:32:05.234Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", - "target_ref": 
"attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7", - "type": "relationship", - "created": "2019-10-15T19:33:42.204Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Kaspersky-Skygofree", - "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.", - "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/" - } - ], - "modified": "2019-10-15T19:33:42.204Z", - "description": "[Skygofree](https://attack.mitre.org/software/S0327) can track the device's location.(Citation: Kaspersky-Skygofree)", - "relationship_type": "uses", - "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f84355c2-b829-4324-821a-b5148734bb6b", - "created": "2022-04-01T15:21:35.655Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to microphone or audio output. 
", - "modified": "2022-04-01T15:21:35.655Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132", - "created": "2022-03-30T14:06:26.530Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security products can typically detect jailbroken or rooted devices. ", - "modified": "2022-03-30T14:06:26.530Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02", - "type": "relationship", - "created": "2020-12-17T20:15:22.452Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "modified": "2020-12-17T20:15:22.452Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) has obfuscated components using XOR, ZIP with a single-byte key or ZIP/Zlib compression wrapped with RC4 encryption.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3efe7dcc-a572-45ac-aff2-2932206a0632", - "created": "2019-08-07T15:57:13.441Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky Riltok June 2019", - "url": "https://securelist.com/mobile-banker-riltok/91374/", - "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Riltok](https://attack.mitre.org/software/S0403) can access and upload the device's contact list to the command and control server.(Citation: Kaspersky Riltok June 2019)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184", - "created": "2022-03-30T17:53:56.805Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T17:53:56.805Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "target_ref": "attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--fada5ba5-7449-4878-b555-82f225473c8b", - "created": "2022-03-30T19:28:42.179Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Attestation can detect unauthorized modifications to devices. Mobile security software can then use this information and take appropriate mitigation action. 
", - "modified": "2022-03-30T19:28:42.179Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070", - "created": "2022-04-15T17:18:44.185Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Talos Gustuff Apr 2019", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Gustuff](https://attack.mitre.org/software/S0406) obfuscated command information using a custom base85-based encoding.(Citation: Talos Gustuff Apr 2019)", - "modified": "2022-04-15T17:18:44.185Z", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041", - "type": "relationship", - "created": "2017-10-25T14:48:53.742Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2020-06-24T15:08:18.481Z", - "description": "Enterprise policies should prevent enabling 
USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development).", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3", - "type": "relationship", - "created": "2020-06-26T14:55:13.351Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." - } - ], - "modified": "2020-06-26T14:55:13.351Z", - "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect a list of installed applications.(Citation: Cybereason EventBot)", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" - } - ], - "modified": "2019-08-09T17:52:31.838Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to exploit well-known Android OS vulnerabilities to escalate privileges.(Citation: Lookout-PegasusAndroid)", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39", - "created": "2020-12-14T15:02:35.294Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Securelist Asacub", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect SMS messages as they are received.(Citation: Securelist Asacub)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a", - "type": "relationship", - "created": "2021-02-17T20:43:52.333Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
- } - ], - "modified": "2021-02-17T20:43:52.333Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has used an online cell tower geolocation service to track targets.(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f", - "type": "relationship", - "created": "2019-09-04T15:38:56.799Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CyberMerchants-FlexiSpy", - "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", - "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." - } - ], - "modified": "2019-09-10T14:59:26.138Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record video.(Citation: CyberMerchants-FlexiSpy)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7258542e-029b-45b9-be69-6e76d9c93b35", - "created": "2020-09-14T13:35:45.886Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "ESET-Twitoor", - "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/", - "description": "ESET. (2016, August 24). 
First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Twitoor](https://attack.mitre.org/software/S0302) can hide its presence on the system.(Citation: ESET-Twitoor)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e", - "created": "2022-03-30T18:07:07.306Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. ", - "modified": "2022-03-30T18:07:07.306Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24", - "type": "relationship", - "created": "2020-01-27T17:05:58.267Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. 
(2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.267Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can track the device’s location.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8870c211-820a-46a1-96fc-02f4e6eaec03", - "type": "relationship", - "created": "2020-11-10T16:50:39.134Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "modified": "2021-04-19T15:40:36.387Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has collected device network information, including 16-bit GSM Cell Identity, 16-bit Location Area Code, Mobile Country Code (MCC), and Mobile Network Code (MNC). 
[CarbonSteal](https://attack.mitre.org/software/S0529) has also called `netcfg` to get stats.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "PaloAlto-WireLurker", - "description": "Claud Xiao. (2014, November 5). WireLurker: A New Era in OS X and iOS Malware. Retrieved January 24, 2017.", - "url": "https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[WireLurker](https://attack.mitre.org/software/S0312) monitors for iOS devices connected via USB to an infected OSX computer and installs downloaded third-party applications or automatically generated malicious applications onto the device.(Citation: PaloAlto-WireLurker)", - "relationship_type": "uses", - "source_ref": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb", - "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab", - "type": "relationship", - "created": "2020-09-11T16:22:03.229Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": 
"https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." - } - ], - "modified": "2020-09-11T16:22:03.229Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect and record audio content.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--084786ee-9384-4a00-9e1b-48f94ea70126", - "created": "2019-09-03T19:45:48.517Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can exfiltrate calendar events.(Citation: SWB Exodus March 2019) ", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72", - "type": "relationship", - "created": "2020-11-24T17:55:12.900Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
- } - ], - "modified": "2020-11-24T17:55:12.900Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s IMEI, phone number, and country.(Citation: Talos GPlayed)", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a5b72279-f99e-4f03-8669-04322b40ee6b", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro-XLoader", - "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/" - } - ], - "modified": "2020-07-20T13:49:03.710Z", - "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) loads an encrypted DEX code payload.(Citation: TrendMicro-XLoader)", - "relationship_type": "uses", - "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-BrainTest", - 
"description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.", - "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[BrainTest](https://attack.mitre.org/software/S0293) stores a secondary Android app package (APK) in its assets directory in encrypted form, and decrypts the payload at runtime.(Citation: Lookout-BrainTest)", - "relationship_type": "uses", - "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--477edf7d-cc1f-49b7-9d96-f88399808775", - "created": "2022-04-05T20:15:43.660Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T20:15:43.660Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", - "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--53364899-1ea5-47fa-afde-c210aed64120", - "type": "relationship", - "created": "2019-07-10T15:47:19.659Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": 
"https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-07-16T15:35:21.086Z", - "description": "(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12", - "target_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724", - "created": "2022-04-01T15:02:21.344Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Device attestation can often detect jailbroken devices. ", - "modified": "2022-04-01T15:02:21.344Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-BrainTest", - "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/", - "description": "Chris Dehghanpoor. (2016, January 6). 
Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[BrainTest](https://attack.mitre.org/software/S0293) provided capabilities that allowed developers to use compromised devices to post positive reviews on their own malicious applications as well as download other malicious applications they had submitted to the Play Store.(Citation: Lookout-BrainTest)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc", - "created": "2019-09-04T14:28:15.412Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Monokle", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [Monokle](https://attack.mitre.org/software/S0407) can retrieve calendar event information including the event name, when and where it is taking place, and the description.(Citation: Lookout-Monokle) ", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--36298fd6-d909-4490-8a04-095aef9ffafe", - "type": "relationship", - "created": "2020-11-20T15:54:07.747Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-11-20T15:54:07.747Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can record audio from the microphone and phone calls.(Citation: Symantec GoldenCup) ", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531", - "type": "relationship", - "created": "2019-08-07T15:57:13.417Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Kaspersky Riltok June 2019", - "url": "https://securelist.com/mobile-banker-riltok/91374/", - "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." 
- } - ], - "modified": "2019-09-15T15:36:42.340Z", - "description": "[Riltok](https://attack.mitre.org/software/S0403) can query various details about the device, including phone number, country, mobile operator, model, root availability, and operating system version.(Citation: Kaspersky Riltok June 2019)", - "relationship_type": "uses", - "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4d542595-1eb0-45aa-9702-9d494142b390", - "type": "relationship", - "created": "2019-08-09T18:08:07.109Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", - "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", - "source_name": "Kaspersky-Skygofree" - } - ], - "modified": "2019-08-09T18:08:07.109Z", - "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record video or capture photos when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)", - "relationship_type": "uses", - "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb", - "type": "relationship", - "created": "2020-06-26T14:55:13.261Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T14:55:13.261Z", - "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect system information such as OS version, device vendor, and the type of screen lock that is active on the device.(Citation: Cybereason EventBot)", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--271a311f-71bc-4558-a314-0edfbec44b64", - "type": "relationship", - "created": "2019-11-21T16:42:48.495Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList - ViceLeaker 2019", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." 
- } - ], - "modified": "2019-11-21T16:42:48.495Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) collects device information, including the device model and OS version.(Citation: SecureList - ViceLeaker 2019)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016", - "created": "2022-04-15T18:12:53.512Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Xiao-KeyRaider", - "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/", - "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. Retrieved December 12, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Monokle](https://attack.mitre.org/software/S0407/) can install attacker-specified certificates to the device's trusted certificate store, enabling an adversary to perform adversary-in-the-middle attacks.(Citation: Xiao-KeyRaider)", - "modified": "2022-04-15T18:12:53.512Z", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9398bf9d-be77-4ac2-acea-893152cafd16", - "created": "2022-03-30T14:43:46.034Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T14:43:46.034Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d724bcf3-25d2-406a-b612-333fea5e2385", - "created": "2020-10-29T17:48:27.440Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. 
Retrieved October 29, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Exobot](https://attack.mitre.org/software/S0522) can show phishing popups when a targeted application is running.(Citation: Threat Fabric Exobot)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--1c180c0e-c789-4176-b568-789ada9487bb", - "type": "relationship", - "created": "2020-10-29T19:21:23.162Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { "source_name": "WeLiveSecurity AdDisplayAshas", 
@@ -36284,2157 +38554,24 @@ "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." } ], - "modified": "2020-10-29T19:21:23.162Z", - "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can collect information about the device including device type, OS version, language, free storage space, battery status, device root, and if *developer mode* is enabled.(Citation: WeLiveSecurity AdDisplayAshas)", + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can check that the device IP is not in the range of known Google IP addresses before triggering the payload and can delay payload deployment to avoid detection during testing and avoid association with unwanted ads.(Citation: WeLiveSecurity AdDisplayAshas)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad", - "type": "relationship", - "created": "2020-11-20T16:37:28.429Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-11-20T16:37:28.429Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect images, videos, and attacker-specified files.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa", - "type": "relationship", - "created": "2020-11-24T17:55:12.903Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
- } - ], - "modified": "2020-11-24T17:55:12.903Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) has base64-encoded the exfiltrated data, replacing some of the base64 characters to further obfuscate the data.(Citation: Talos GPlayed)", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f", - "created": "2022-03-30T19:28:55.980Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates typically provide patches for vulnerabilities that could be abused by malicious applications.", - "modified": "2022-03-30T19:28:55.980Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2", - "type": "relationship", - "created": "2020-09-15T15:18:12.398Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. 
Retrieved September 15, 2020." - } - ], - "modified": "2020-09-15T15:18:12.398Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device networking information, including phone number, IMEI, and IMSI.(Citation: Cybereason FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d562ed4d-ac4d-476b-872e-9e228c580889", - "type": "relationship", - "created": "2020-11-20T16:37:28.506Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-11-20T16:37:28.506Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can obtain a list of installed applications.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55", - "type": "relationship", - "created": "2020-04-24T17:46:31.603Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T17:46:31.603Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can steal pictures from the device.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a", - "type": "relationship", - "created": "2020-07-15T20:20:59.186Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.186Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access device configuration information and status, including Android version, battery level, device model, country, and SIM operator.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d", - "created": "2020-12-18T20:14:47.297Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has generated non-human advertising impressions.(Citation: WhiteOps TERRACOTTA)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--19b95b83-bac0-455f-882f-0209abddb76f", - "created": "2022-04-05T20:11:35.619Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Applications that properly encrypt network traffic may evade some forms of AiTM behavior. ", - "modified": "2022-04-05T20:11:35.619Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--be136fd1-6949-4de6-be37-6d76f8def41a", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). 
SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" - } - ], - "modified": "2019-10-15T19:37:21.366Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests location data from victims.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3dff770d-9627-4647-b945-7f24a97b2273", - "type": "relationship", - "created": "2019-09-15T15:26:22.926Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2020-06-24T15:02:13.533Z", - "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4", - "created": "2022-04-06T15:28:20.249Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be instructed to not grant applications unexpected or unnecessary permissions. 
", - "modified": "2022-04-06T15:28:20.249Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fb3b32a8-6422-4d44-91e3-27a58e569963", - "type": "relationship", - "created": "2019-09-03T19:45:48.494Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." - } - ], - "modified": "2019-09-11T13:25:19.179Z", - "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take screenshots of any application in the foreground.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c1512591-7440-4a69-93b9-fe439a4c197e", - "created": "2022-03-28T19:40:40.860Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-28T19:40:40.860Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", - "target_ref": 
"attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8ea39534-6fe9-404c-94b7-0f320af95404", - "created": "2022-04-01T15:17:21.511Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T15:17:21.511Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58", - "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0", - "type": "relationship", - "created": "2020-04-24T15:12:11.185Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T15:12:11.185Z", - "description": "[Concipit1248](https://attack.mitre.org/software/S0426) requests permissions to use the device camera.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fc816ddc-199d-47b0-93af-c81305d0919f", - "type": "relationship", - "created": "2020-06-02T14:32:31.767Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Volexity Insomnia", - "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", - "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." 
- } - ], - "modified": "2020-06-02T14:32:31.767Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has utilized malicious JavaScript and iframes to exploit WebKit running on vulnerable iOS 12 devices.(Citation: Volexity Insomnia)", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61", - "type": "relationship", - "created": "2020-01-27T17:05:58.201Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-03-26T20:50:07.154Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect local accounts on the device, pictures, bookmarks/histories of the default browser, and files stored on the SD card. [GolfSpy](https://attack.mitre.org/software/S0421) can list image, audio, video, and other files stored on the device. 
[GolfSpy](https://attack.mitre.org/software/S0421) can copy arbitrary files from the device.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--50c81a85-8c70-48df-a338-8622d2debc74", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather call logs.(Citation: Lookout-StealthMango)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--61550ef4-41f0-4354-af5c-f47db8aca654", - "type": "relationship", - "created": "2020-06-02T14:32:31.910Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", - 
"description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." - } - ], - "modified": "2020-06-02T14:32:31.910Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s phone number, ICCID, IMEI, and the currently active network interface (Wi-Fi or cellular).(Citation: Google Project Zero Insomnia)", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f", - "type": "relationship", - "created": "2019-09-03T19:45:48.492Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "modified": "2019-10-14T17:15:52.637Z", - "description": " [Exodus](https://attack.mitre.org/software/S0405) One queries the device for its IMEI code and the phone number in order to validate the target of a new infection.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348", - "created": "2022-04-20T17:42:11.714Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Wandera-RedDrop", - "url": "https://www.wandera.com/reddrop-malware/", - "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses standard HTTP for exfiltration.(Citation: Wandera-RedDrop)", - "modified": "2022-04-20T17:42:11.714Z", - "relationship_type": "uses", - "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e", - "created": "2020-06-26T15:32:24.921Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Cerberus](https://attack.mitre.org/software/S0480) avoids being analyzed by only activating the malware after recording a certain number of steps from the accelerometer.(Citation: Threat Fabric Cerberus)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6", - "created": "2022-03-30T13:48:43.977Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security products can typically detect jailbroken or rooted devices. ", - "modified": "2022-03-30T13:48:43.977Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd", - "created": "2020-06-26T14:55:13.333Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). 
EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[EventBot](https://attack.mitre.org/software/S0478) registers for the `BOOT_COMPLETED` intent to auto-start after the device boots.(Citation: Cybereason EventBot)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000", - "created": "2022-03-30T15:13:42.462Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T15:13:42.462Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", - "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f012feab-5612-429f-81bd-ff75d6ffd04e", - "created": "2022-04-05T17:03:34.941Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T17:03:34.941Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df", - "target_ref": 
"attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78", - "type": "relationship", - "created": "2019-10-10T15:17:00.972Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.", - "url": "https://www.flexispy.com/en/features-overview.htm", - "source_name": "FlexiSpy-Features" - } - ], - "modified": "2019-10-14T18:08:28.666Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can monitor device photos and can also access browser history and bookmarks.(Citation: FlexiSpy-Features)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f", - "created": "2022-04-01T18:52:13.171Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.", - "modified": "2022-04-01T18:52:13.171Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - 
"x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2a472430-c30e-4877-8933-2e75f1de9a01", - "created": "2022-03-30T14:00:45.120Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T14:00:45.120Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1987b242-c868-40b2-993d-9dbeea311d4b", - "created": "2022-03-30T14:08:09.882Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T14:08:09.882Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38", - "created": "2022-04-01T18:43:25.764Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - 
"description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.", - "modified": "2022-04-01T18:43:25.764Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3", - "created": "2019-07-10T15:35:43.712Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pallas](https://attack.mitre.org/software/S0399) has the ability to delete attacker-specified files from compromised devices.(Citation: Lookout Dark Caracal Jan 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9", - "created": "2021-01-05T20:16:20.500Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect SMS messages from the device.(Citation: Zscaler TikTok Spyware)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223", - "type": "relationship", - "created": "2020-11-20T16:37:28.610Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-11-20T16:37:28.610Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has been distributed in two stages.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c", - "created": "2021-01-05T20:16:20.508Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect the device’s call logs.(Citation: Zscaler TikTok Spyware)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f6098dca-3a9e-4991-8d51-1310b12161b6", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/", - "description": "Mike 
Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) uses SMS for command and control.(Citation: Lookout-PegasusAndroid)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Gooligan Citation", - "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. 
Retrieved December 12, 2016.", - "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/" - } - ], - "modified": "2019-10-10T15:18:51.121Z", - "description": "[Gooligan](https://attack.mitre.org/software/S0290) steals authentication tokens that can be used to access data from multiple Google applications.(Citation: Gooligan Citation)", - "relationship_type": "uses", - "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4", - "type": "relationship", - "created": "2021-02-17T20:43:52.413Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
- } - ], - "modified": "2021-02-17T20:43:52.413Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has compressed and encrypted data before exfiltration using password protected .7z archives.(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CheckPoint-Charger", - "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. 
Retrieved January 24, 2017.", - "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/" - } - ], - "modified": "2019-10-09T14:51:42.845Z", - "description": "[Charger](https://attack.mitre.org/software/S0323) checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus.(Citation: CheckPoint-Charger)", - "relationship_type": "uses", - "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4", - "created": "2020-09-15T15:18:12.362Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect SMS messages.(Citation: Cybereason FakeSpy)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--204e30ed-5e69-400b-a814-b77e10596865", - "created": "2022-04-06T15:50:42.481Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T15:50:42.481Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc", - "created": "2022-03-30T19:36:20.304Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be trained on what device administrator permission request prompts look like, and how to avoid granting permissions on phishing popups.", - "modified": "2022-03-30T19:36:20.304Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": 
"attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6885280e-5423-422a-94f1-e91d557e043e", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "PaloAlto-XcodeGhost1", - "url": "http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/", - "description": "Claud Xiao. (2015, September 17). Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store. Retrieved December 21, 2016." - }, - { - "source_name": "PaloAlto-XcodeGhost", - "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/", - "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) was injected into apps by a modified version of Xcode (Apple's software development tool).(Citation: PaloAlto-XcodeGhost1)(Citation: PaloAlto-XcodeGhost)", - "modified": "2022-04-15T15:10:16.607Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9", - "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d", - "type": "relationship", - "created": "2020-10-29T19:21:23.235Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WeLiveSecurity AdDisplayAshas", - "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", - "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." - } - ], - "modified": "2020-10-29T19:21:23.235Z", - "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has hidden the C2 server address using base-64 encoding. 
(Citation: WeLiveSecurity AdDisplayAshas)", - "relationship_type": "uses", - "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8726b157-3575-450f-bb7f-f17bb18e6aef", - "created": "2022-03-30T20:41:43.314Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "New OS releases frequently contain additional limitations or controls around device location access.", - "modified": "2022-03-30T20:41:43.314Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781", - "type": "relationship", - "created": "2020-04-24T15:06:33.503Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T15:06:33.503Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can record MP4 files and monitor calls.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a808c887-b2b8-4b05-9cab-47c918e48d48", - "type": "relationship", - "created": "2020-12-14T15:02:35.257Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Securelist Asacub", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
- } - ], - "modified": "2020-12-14T15:02:35.257Z", - "description": "[Asacub](https://attack.mitre.org/software/S0540) can send SMS messages from compromised devices.(Citation: Securelist Asacub) ", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" - } - ], - "modified": "2019-08-09T17:56:05.686Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) uses the commercial rooting app Baidu Easy Root to gain root privilege and maintain persistence on the victim.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3", - "created": "2019-10-18T15:51:48.487Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.", - "modified": "2022-04-05T19:42:51.306Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c", - "type": "relationship", - "created": "2020-01-21T15:29:27.041Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList - ViceLeaker 2019", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "description": "GReAT. 
(2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." - } - ], - "modified": "2020-01-21T15:29:27.041Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can download attacker-specified files.(Citation: SecureList - ViceLeaker 2019)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--506d657b-1634-442e-8179-7187f82feb3a", - "created": "2020-12-24T21:55:56.691Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the call logs.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--70fa8498-6117-4e15-ae3c-f53d63996826", - "type": "relationship", - "created": "2020-06-26T15:32:25.050Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:32:25.050Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect the device’s location.(Citation: Threat Fabric Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd", - "created": "2022-04-01T15:02:43.475Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T15:02:43.475Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38", - "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113", - "created": "2020-06-26T15:32:25.032Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can generate fake notifications and launch overlay attacks against attacker-specified applications.(Citation: Threat Fabric Cerberus)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1cc71849-142f-4097-9546-7946b0b546a6", - "created": "2020-04-08T15:51:25.125Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "ThreatFabric Ginp", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Ginp](https://attack.mitre.org/software/S0423) can determine if it is running in an emulator.(Citation: ThreatFabric Ginp)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3", - "created": "2020-12-18T20:14:47.316Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) checks whether its call stack has been modified, an indication that it is running in an analysis environment, and if so, does not decrypt its obfuscated strings(Citation: WhiteOps TERRACOTTA).", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402", - "created": "2021-10-01T14:42:49.178Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect SMS messages.(Citation: SecureList BusyGasper)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349", - "created": "2020-10-29T19:01:13.826Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Microsoft MalLockerB", - "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/", - "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has registered to receive 14 different broadcast intents for automatically triggering malware payloads. 
(Citation: Microsoft MalLockerB)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4088b31b-d542-4935-84b4-82b592159591", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", - "source_name": "TrendMicro-RCSAndroid" - } - ], - "modified": "2019-10-10T15:22:52.591Z", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect contacts and messages from popular applications, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.(Citation: TrendMicro-RCSAndroid)", - "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses call logs.(Citation: Lookout-PegasusAndroid)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--81db3270-4cb8-4982-8ff8-c28a874e8421", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro-DressCode", - "description": "Echo Duan. (2016, September 29). DressCode and its Potential Impact for Enterprises. 
Retrieved December 22, 2016.", - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[DressCode](https://attack.mitre.org/software/S0300) sets up a \"general purpose tunnel\" that can be used by an adversary to compromise enterprise networks that the mobile device is connected to.(Citation: TrendMicro-DressCode)", - "relationship_type": "uses", - "source_ref": "malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca", - "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Wandera-RedDrop", - "url": "https://www.wandera.com/reddrop-malware/", - "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses HTTP requests for C2 communication.(Citation: Wandera-RedDrop)", - "modified": "2022-04-20T17:41:46.451Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b", - "type": "relationship", - "created": "2020-07-20T13:27:33.549Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "modified": "2020-08-10T21:57:54.524Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record the screen and take screenshots to capture messages from Line, Facebook Messenger, and WhatsApp.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357", - "created": "2019-07-10T15:25:57.572Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[FinFisher](https://attack.mitre.org/software/S0182) captures and exfiltrates SMS messages.(Citation: Lookout Dark Caracal Jan 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9951d8c0-d210-4776-808b-421b613f244f", - "created": "2019-09-23T13:36:08.463Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Rotexy](https://attack.mitre.org/software/S0411) hides its icon after first launch.(Citation: securelist rotexy 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--77efa84c-5ef0-4554-b774-2dbfcca74087", - "type": "relationship", - "created": "2020-10-29T19:20:58.116Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WeLiveSecurity AdDisplayAshas", - "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", - "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-10-29T19:20:58.116Z", - "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has checked to see how many apps are installed, and specifically if Facebook or FB Messenger are installed.(Citation: WeLiveSecurity AdDisplayAshas)", - "relationship_type": "uses", - "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bd29ce15-1771-470c-a74b-5ea90832ce23", - "created": "2020-12-24T22:04:27.911Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected SMS messages.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--de4ecfa3-fa91-4377-810c-5c567de9688b", - "created": "2021-01-05T20:16:20.490Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can delete attacker-specified files.(Citation: Zscaler TikTok Spyware)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--50f03c00-5488-49fe-a527-a8776e526523", - "type": "relationship", - "created": "2020-11-24T17:55:12.820Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
- } - ], - "modified": "2020-11-24T17:55:12.820Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect a list of installed applications.(Citation: Talos GPlayed)", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--022e941f-30c3-45a9-9f6f-36e704b80060", - "created": "2020-04-24T17:46:31.574Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[TrickMo](https://attack.mitre.org/software/S0427) registers for the `SCREEN_ON` and `SMS_DELIVER` intents to perform actions when the device is unlocked and when the device receives an SMS message.(Citation: SecurityIntelligence TrickMo)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee", - "created": "2020-11-24T17:55:12.895Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can show a phishing WebView pretending to be a Google service that collects credit card information.(Citation: Talos GPlayed)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443", - "created": "2020-07-20T13:49:03.676Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TrendMicro-XLoader-FakeSpy", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", - "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) has fetched its C2 address from encoded Twitter names, as well as Instagram and Tumblr.(Citation: TrendMicro-XLoader-FakeSpy)", - "modified": "2022-04-20T17:58:16.567Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", - "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901", - "type": "relationship", - "created": "2020-04-24T17:46:31.607Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T17:46:31.607Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) contains obfuscated function, class, and variable names, and encrypts its shared preferences using Java’s `PBEWithMD5AndDES` algorithm.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d4a5a902-231e-4878-ad5b-39620498b018", - "type": "relationship", - "created": "2019-09-04T14:28:15.941Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-09-04T14:32:12.589Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can record audio from the device's microphone and can record phone calls, specifying the output audio quality.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7c6207c7-d738-4a17-8380-595c86574b64", - "type": "relationship", - "created": "2020-09-11T16:22:03.298Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T16:22:03.298Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can track the device’s location.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d995dfff-e4b2-4e07-8e76-b064354f591a", - "created": "2022-04-01T12:49:32.365Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Calendar access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their device calendar. ", - "modified": "2022-04-01T12:49:32.365Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--069b2328-442b-491e-962d-d3fe01f0549e", - "created": "2019-09-04T14:28:15.479Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Monokle", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via email and SMS from a set of \"control phones.\"(Citation: Lookout-Monokle)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--82a51cc3-7a91-43b0-9147-df5983e52b41", - "created": "2020-12-14T15:02:35.208Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Securelist Asacub", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Asacub](https://attack.mitre.org/software/S0540) has communicated with the C2 using HTTP POST requests.(Citation: Securelist Asacub)", - "modified": "2022-04-19T20:11:55.606Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--e135cefa-f019-479d-86eb-438972df73e0", - "created": "2019-09-04T15:38:56.702Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "FortiGuard-FlexiSpy", - "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", - "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) installs boot hooks into `/system/su.d`.(Citation: FortiGuard-FlexiSpy)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7017085c-c612-48b2-b655-e18d7822d0e7", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "PaloAlto-SpyDealer", - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests phone call history from victims.(Citation: PaloAlto-SpyDealer)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4a936488-526c-40c1-b2d5-490052cb0e73", - "created": "2020-12-31T18:25:05.162Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can run bash commands.(Citation: CYBERWARCON CHEMISTGAMES)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a", - "created": "2022-03-30T19:54:43.835Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates frequently contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. 
", - "modified": "2022-03-30T19:54:43.835Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9", - "created": "2022-04-05T19:52:32.201Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T19:52:32.201Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5619e263-d48c-47a5-ab68-8677fe080a15", - "created": "2022-03-30T14:42:27.821Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T14:42:27.821Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc", - "type": "relationship", - "created": "2019-09-23T13:36:08.441Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "source_name": "securelist rotexy 2018" - } - ], - "modified": "2019-09-23T13:36:08.441Z", - "description": "[Rotexy](https://attack.mitre.org/software/S0411) retrieves a list of installed applications and sends it to the command and control server.(Citation: securelist rotexy 2018)", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80", - "type": "relationship", - "created": "2020-07-20T13:49:03.692Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro-XLoader-FakeSpy", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", - "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
- } - ], - "modified": "2020-09-24T15:12:24.191Z", - "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s Android ID and serial number.(Citation: TrendMicro-XLoader-FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2e7f8995-93ae-41bb-9baf-53178341d93e", - "created": "2021-02-08T16:36:20.630Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has deployed anti-analysis capabilities during their Operation BULL campaign.(Citation: BlackBerry Bahamut)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c", - "created": "2022-04-06T15:52:07.805Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T15:52:07.805Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e", - "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--17558571-7352-470b-b728-0511fb3f699d", - "type": "relationship", - "created": "2019-10-18T15:51:48.484Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2020-06-24T15:02:13.534Z", - "description": "Users should be warned against granting access to accessibility features, and to carefully scrutinize applications that request this dangerous permission.", - "relationship_type": "mitigates", - "source_ref": 
"course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a", - "created": "2020-07-27T14:14:56.996Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Security Zen", - "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", - "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Zen](https://attack.mitre.org/software/S0494) can inject code into the Setup Wizard at runtime to extract CAPTCHA images. [Zen](https://attack.mitre.org/software/S0494) can inject code into the `libc` of running processes to infect them with the malware.(Citation: Google Security Zen)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", - "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b", - "type": "relationship", - "created": "2020-12-14T15:02:35.286Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Securelist Asacub", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", - 
"description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." - } - ], - "modified": "2020-12-14T15:02:35.286Z", - "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect various pieces of device network configuration information, such as mobile network operator.(Citation: Securelist Asacub)", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d7ca70d4-2006-4252-b243-e52be760e24d", - "created": "2022-04-01T13:26:39.773Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Access to SMS messages is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their SMS messages. ", - "modified": "2022-04-01T13:26:39.773Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "aliases": [ "Dark Caracal" ], "x_mitre_domains": [ - "mobile-attack" + "mobile-attack", + "enterprise-attack" ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" @@ -38471,7 +38608,8 @@ "Bahamut" ], "x_mitre_domains": [ - "mobile-attack" + "mobile-attack", + "enterprise-attack" ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -38512,6 +38650,130 @@ "x_mitre_version": "1.1", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2022-10-12T20:11:40.313Z", + "name": "Sandworm Team", + "description": "[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020)\n\nIn October 2020, the US indicted six GRU Unit 74455 officers associated with [Sandworm Team](https://attack.mitre.org/groups/G0034) for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide [NotPetya](https://attack.mitre.org/software/S0368) attack, targeting of the 2017 French presidential campaign, the 2018 [Olympic Destroyer](https://attack.mitre.org/software/S0365) attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as [APT28](https://attack.mitre.org/groups/G0007).(Citation: US District Court Indictment GRU Oct 2018)", + "aliases": [ + "Sandworm Team", + "ELECTRUM", + "Telebots", + "IRON VIKING", + "BlackEnergy (Group)", + "Quedagh", + "Voodoo Bear" + ], + "x_mitre_deprecated": false, + "x_mitre_version": "2.2", + "x_mitre_contributors": [ + "Dragos Threat Intelligence" + ], + 
"type": "intrusion-set", + "id": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192", + "created": "2017-05-31T21:32:04.588Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/groups/G0034", + "external_id": "G0034" + }, + { + "source_name": "Voodoo Bear", + "description": "(Citation: CrowdStrike VOODOO BEAR)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)" + }, + { + "source_name": "ELECTRUM", + "description": "(Citation: Dragos ELECTRUM)(Citation: UK NCSC Olympic Attacks October 2020)" + }, + { + "source_name": "Sandworm Team", + "description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014) (Citation: InfoSecurity Sandworm Oct 2014)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)" + }, + { + "source_name": "Quedagh", + "description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014)(Citation: UK NCSC Olympic Attacks October 2020)" + }, + { + "source_name": "BlackEnergy (Group)", + "description": "(Citation: NCSC Sandworm Feb 2020)(Citation: UK NCSC Olympic Attacks October 2020)" + }, + { + "source_name": "Telebots", + "description": "(Citation: NCSC Sandworm Feb 2020)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)" + }, + { + "source_name": "IRON VIKING", + "description": "(Citation: Secureworks IRON VIKING )(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)" + }, + { + "source_name": "US District Court Indictment GRU Oct 2018", + "description": "Brady, S . (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al.. 
Retrieved October 1, 2020.", + "url": "https://www.justice.gov/opa/page/file/1098481/download" + }, + { + "source_name": "Dragos ELECTRUM", + "description": "Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020.", + "url": "https://www.dragos.com/resource/electrum/" + }, + { + "source_name": "F-Secure BlackEnergy 2014", + "description": "F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016.", + "url": "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf" + }, + { + "source_name": "iSIGHT Sandworm 2014", + "description": "Hultquist, J.. (2016, January 7). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved October 6, 2017.", + "url": "https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html" + }, + { + "source_name": "CrowdStrike VOODOO BEAR", + "description": "Meyers, A. (2018, January 19). Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR. Retrieved May 22, 2018.", + "url": "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/" + }, + { + "source_name": "InfoSecurity Sandworm Oct 2014", + "description": "Muncaster, P.. (2014, October 14). Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers. Retrieved October 6, 2017.", + "url": "https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/" + }, + { + "source_name": "NCSC Sandworm Feb 2020", + "description": "NCSC. (2020, February 20). NCSC supports US advisory regarding GRU intrusion set Sandworm. Retrieved June 10, 2020.", + "url": "https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory" + }, + { + "source_name": "USDOJ Sandworm Feb 2020", + "description": "Pompeo, M. (2020, February 20). The United States Condemns Russian Cyber Attack Against the Country of Georgia. 
Retrieved June 18, 2020.", + "url": "https://2017-2021.state.gov/the-united-states-condemns-russian-cyber-attack-against-the-country-of-georgia//index.html" + }, + { + "source_name": "US District Court Indictment GRU Unit 74455 October 2020", + "description": "Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al.. Retrieved November 25, 2020.", + "url": "https://www.justice.gov/opa/press-release/file/1328521/download" + }, + { + "source_name": "Secureworks IRON VIKING ", + "description": "Secureworks. (2020, May 1). IRON VIKING Threat Profile. Retrieved June 10, 2020.", + "url": "https://www.secureworks.com/research/threat-profiles/iron-viking" + }, + { + "source_name": "UK NCSC Olympic Attacks October 2020", + "description": "UK NCSC. (2020, October 19). UK exposes series of Russian cyber attacks against Olympic and Paralympic Games . Retrieved November 30, 2020.", + "url": "https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_domains": [ + "enterprise-attack", + "ics-attack", + "mobile-attack" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "aliases": [ "Bouncing Golf" 
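Review bot: The reference key `"Secureworks IRON VIKING "` in the added Sandworm Team object ends in a trailing space, both in its `external_references` entry and in the `(Citation: Secureworks IRON VIKING )` marker under the `IRON VIKING` alias. The two match byte for byte, so exact-match lookup still works, but a consumer that trims or normalises `source_name` before resolving citations would leave that alias without a source. I would change the entry to `"source_name": "Secureworks IRON VIKING"` and the marker to `(Citation: Secureworks IRON VIKING)` in the same edit. The removed copy of this object later in the diff shows the same marker, so the space appears to be inherited rather than introduced here.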
@@ -38544,6 +38806,92 @@ "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2022-09-30T21:05:22.490Z", + "name": "Operation Dust Storm", + "description": "[Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) was a long-standing persistent cyber espionage campaign that targeted multiple industries in Japan, South Korea, the United States, Europe, and several Southeast Asian countries. By 2015, the [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors shifted from government and defense-related intelligence targets to Japanese companies or Japanese subdivisions of larger foreign organizations supporting Japan's critical infrastructure, including electricity generation, oil and natural gas, finance, transportation, and construction.(Citation: Cylance Dust Storm)\n\n[Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors also began to use Android backdoors in their operations by 2015, with all identified victims at the time residing in Japan or South Korea.(Citation: Cylance Dust Storm)", + "aliases": [ + "Operation Dust Storm" + ], + "first_seen": "2010-01-01T07:00:00.000Z", + "last_seen": "2016-02-01T06:00:00.000Z", + "x_mitre_first_seen_citation": "(Citation: Cylance Dust Storm)", + "x_mitre_last_seen_citation": "(Citation: Cylance Dust Storm)", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "type": "campaign", + "id": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", + "created": "2022-09-29T20:00:38.136Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/campaigns/C0016", + "external_id": "C0016" + }, + { + "source_name": "Cylance Dust Storm", + "description": "Gross, J. (2016, February 23). Operation Dust Storm. 
Retrieved December 22, 2021.", + "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.0.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_domains": [ + "enterprise-attack", + "mobile-attack" + ] + }, + { + "modified": "2022-10-17T19:51:56.531Z", + "name": "Earth Lusca", + "description": "[Earth Lusca](https://attack.mitre.org/groups/G1006) is a suspected China-based cyber espionage group that has been active since at least April 2019. [Earth Lusca](https://attack.mitre.org/groups/G1006) has targeted organizations in Australia, China, Hong Kong, Mongolia, Nepal, the Philippines, Taiwan, Thailand, Vietnam, the United Arab Emirates, Nigeria, Germany, France, and the United States. Targets included government institutions, news media outlets, gambling companies, educational institutions, COVID-19 research organizations, telecommunications companies, religious movements banned in China, and cryptocurrency trading platforms; security researchers assess some [Earth Lusca](https://attack.mitre.org/groups/G1006) operations may be financially motivated.(Citation: TrendMicro EarthLusca 2022)\n\n[Earth Lusca](https://attack.mitre.org/groups/G1006) has used malware commonly used by other Chinese threat groups, including [APT41](https://attack.mitre.org/groups/G0096) and the [Winnti Group](https://attack.mitre.org/groups/G0044) cluster, however security researchers assess [Earth Lusca](https://attack.mitre.org/groups/G1006)'s techniques and infrastructure are separate.(Citation: TrendMicro EarthLusca 2022)", + "aliases": [ + "Earth Lusca", + "TAG-22" + ], + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "type": "intrusion-set", + "id": "intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034", + 
"created": "2022-07-01T20:12:30.184Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/groups/G1006", + "external_id": "G1006" + }, + { + "source_name": "TAG-22", + "description": "(Citation: Recorded Future TAG-22 July 2021)" + }, + { + "source_name": "TrendMicro EarthLusca 2022", + "description": "Chen, J., et al. (2022). Delving Deep: An Analysis of Earth Lusca’s Operations. Retrieved July 1, 2022.", + "url": "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf" + }, + { + "source_name": "Recorded Future TAG-22 July 2021", + "description": "INSIKT GROUP. (2021, July 8). Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling. Retrieved September 2, 2022.", + "url": "https://www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_domains": [ + "enterprise-attack", + "mobile-attack" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "aliases": [ "APT28", @@ -38561,6 +38909,7 @@ "TG-4127" ], "x_mitre_domains": [ + "enterprise-attack", "mobile-attack" ], "x_mitre_contributors": [ 
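Review bot: `first_seen` and `last_seen` on the added Operation Dust Storm campaign carry different hour offsets, `2010-01-01T07:00:00.000Z` and `2016-02-01T06:00:00.000Z`, for what appear to be month-precision dates. This looks like local midnight converted to UTC under two different offsets (inferred, not stated on the page), and a consumer that truncates to a date in a zone west of UTC could land on the previous day. I would normalise both to UTC midnight, `"first_seen": "2010-01-01T00:00:00.000Z"` and `"last_seen": "2016-02-01T00:00:00.000Z"`. This is also the only object in view with `"type": "campaign"` and `"x_mitre_attack_spec_version": "3.0.0"`, so parsers that switch on `type` or pin the spec version to `2.1.0` should be checked against it.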
@@ -38761,128 +39110,6 @@ "x_mitre_version": "4.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "aliases": [ - "Sandworm Team", - "ELECTRUM", - "Telebots", - "IRON VIKING", - "BlackEnergy (Group)", - "Quedagh", - "VOODOO BEAR" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "x_mitre_contributors": [ - "Dragos Threat Intelligence" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "intrusion-set", - "id": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192", - "created": "2017-05-31T21:32:04.588Z", - "x_mitre_version": "2.2", - "external_references": [ - { - "source_name": "mitre-attack", - "external_id": "G0034", - "url": "https://attack.mitre.org/groups/G0034" - }, - { - "source_name": "VOODOO BEAR", - "description": "(Citation: CrowdStrike VOODOO BEAR)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)" - }, - { - "source_name": "ELECTRUM", - "description": "(Citation: Dragos ELECTRUM)(Citation: UK NCSC Olympic Attacks October 2020)" - }, - { - "source_name": "Sandworm Team", - "description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014) (Citation: InfoSecurity Sandworm Oct 2014)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)" - }, - { - "source_name": "Quedagh", - "description": "(Citation: iSIGHT Sandworm 2014) (Citation: F-Secure BlackEnergy 2014)(Citation: UK NCSC Olympic Attacks October 2020)" - }, - { - "source_name": "BlackEnergy (Group)", - "description": "(Citation: NCSC Sandworm Feb 2020)(Citation: UK NCSC Olympic Attacks October 2020)" - }, - { - "source_name": "Telebots", - "description": "(Citation: NCSC Sandworm Feb 2020)(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)" - }, - { - "source_name": "IRON VIKING", - 
"description": "(Citation: Secureworks IRON VIKING )(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020)" - }, - { - "source_name": "US District Court Indictment GRU Oct 2018", - "url": "https://www.justice.gov/opa/page/file/1098481/download", - "description": "Brady, S . (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al.. Retrieved October 1, 2020." - }, - { - "source_name": "Dragos ELECTRUM", - "url": "https://www.dragos.com/resource/electrum/", - "description": "Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020." - }, - { - "source_name": "F-Secure BlackEnergy 2014", - "url": "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf", - "description": "F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. Retrieved March 24, 2016." - }, - { - "source_name": "iSIGHT Sandworm 2014", - "url": "https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html", - "description": "Hultquist, J.. (2016, January 7). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved October 6, 2017." - }, - { - "source_name": "CrowdStrike VOODOO BEAR", - "url": "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/", - "description": "Meyers, A. (2018, January 19). Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR. Retrieved May 22, 2018." - }, - { - "source_name": "InfoSecurity Sandworm Oct 2014", - "url": "https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/", - "description": "Muncaster, P.. (2014, October 14). Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers. Retrieved October 6, 2017." - }, - { - "source_name": "NCSC Sandworm Feb 2020", - "url": "https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory", - "description": "NCSC. (2020, February 20). 
NCSC supports US advisory regarding GRU intrusion set Sandworm. Retrieved June 10, 2020." - }, - { - "source_name": "USDOJ Sandworm Feb 2020", - "url": "https://2017-2021.state.gov/the-united-states-condemns-russian-cyber-attack-against-the-country-of-georgia//index.html", - "description": "Pompeo, M. (2020, February 20). The United States Condemns Russian Cyber Attack Against the Country of Georgia. Retrieved June 18, 2020." - }, - { - "source_name": "US District Court Indictment GRU Unit 74455 October 2020", - "url": "https://www.justice.gov/opa/press-release/file/1328521/download", - "description": "Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al.. Retrieved November 25, 2020." - }, - { - "source_name": "Secureworks IRON VIKING ", - "url": "https://www.secureworks.com/research/threat-profiles/iron-viking", - "description": "Secureworks. (2020, May 1). IRON VIKING Threat Profile. Retrieved June 10, 2020." - }, - { - "source_name": "UK NCSC Olympic Attacks October 2020", - "url": "https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games", - "description": "UK NCSC. (2020, October 19). UK exposes series of Russian cyber attacks against Olympic and Paralympic Games . Retrieved November 30, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020)\n\nIn October 2020, the US indicted six GRU Unit 74455 officers associated with [Sandworm Team](https://attack.mitre.org/groups/G0034) for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide [NotPetya](https://attack.mitre.org/software/S0368) attack, targeting of the 2017 French presidential campaign, the 2018 [Olympic Destroyer](https://attack.mitre.org/software/S0365) attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as [APT28](https://attack.mitre.org/groups/G0007).(Citation: US District Court Indictment GRU Oct 2018)", - "modified": "2022-05-23T21:21:17.572Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "name": "Sandworm Team", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
diff --git a/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json b/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json
index 2a56e0d931..a02db239d3 100644
--- a/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json
+++ b/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--89907550-f203-486a-8f15-da9f054da6bd",
+ "id": "bundle--8be966c2-e3c9-4d35-9f97-a070aac6c154",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json b/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json
index fb9812747e..65eac3fcdd 100644
--- a/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json
+++ b/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e07b5b51-1310-4cfd-b3ea-5f99b0519c94",
+ "id": "bundle--b4fb1d9c-5467-4eaf-8e94-de8c25411945",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json b/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json
index 7e56ec1817..1161b30c0f 100644
--- a/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json
+++ b/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5b856850-c132-4624-a4e4-efd6a481bbc9",
+ "id": "bundle--a7ed8896-7399-46f5-a19f-746b1e9e52f8",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json b/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json
index 9e0d1576d5..d3ee993403 100644
--- a/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json
+++ b/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--cc73df2a-bdd7-4150-988c-d89c69ab15a0",
+ "id": "bundle--1fa2792b-93bb-498f-8fa8-24630faaf7a0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json b/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json
index 94c569a3e5..6435532f46 100644
--- a/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json
+++ b/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--357ea4b3-4bb9-4899-ad09-76176f5a4838",
+ "id": "bundle--e91d05e9-18f1-4270-9aa8-fa52ee81ae2b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json b/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json
index 708666ed5c..ec9d87e94b 100644
--- a/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json
+++ b/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bc5cce63-b6b1-49be-b4fa-695c0100788f",
+ "id": "bundle--b7d2e304-c8e2-40b5-b741-c505d3f70c82",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json b/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json
index 2f2e905273..fea44c8367 100644
--- a/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json
+++ b/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3d111a36-6ea3-4874-aef8-0cf83ea15c16",
+ "id": "bundle--6edb3c35-8fd9-4ef9-a315-92c78cfa0f7f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json b/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json
index 443fb4b1de..db33c1abc1 100644
--- a/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json
+++ b/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1346313f-0b17-4085-9a96-b8b9bd67a97a",
+ "id": "bundle--4a57982d-76a2-4e14-8417-33a39f3b87d9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json b/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json
index 4b507711ce..7ed9e1ee85 100644
--- a/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json
+++ b/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2b82e351-e927-4e27-b051-17988ef6ab83",
+ "id": "bundle--490c0ea2-43cc-4a25-8ab1-a354cd028c58",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json b/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json
index a766e17a16..78457cbc4b 100644
--- a/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json
+++ b/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d6b01153-abcd-45a3-87e2-df473cec0be8",
+ "id": "bundle--037786a0-f63d-4352-8e0d-074548a6556c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json b/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json
index 2f59964556..2ab4384a45 100644
--- a/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json
+++ b/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--64a6d274-8d37-425b-9e57-33ad3103994b",
+ "id": "bundle--fc53592d-d115-4bd4-93ed-29cb34686961",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json b/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json
index 5ec58e3b67..86240c1f2b 100644
--- a/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json
+++ b/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--932f2448-9cd1-4b66-b53f-f8974202306d",
+ "id": "bundle--1fbcb20d-2716-4c1a-a2c4-8ab1a5d01530",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json b/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json
index 89bb30fa4b..e6792189c0 100644
--- a/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json
+++ b/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--470991cc-7156-4218-91bc-1f6637e74100",
+ "id": "bundle--467203e0-5040-4d76-ae92-d6d66822d51d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json b/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json
index 5b50b45df4..067d820256 100644
--- a/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json
+++ b/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a6932ff1-17f2-48ab-869f-030205676135",
+ "id": "bundle--a3187c5b-b815-4069-9bd3-59b711514331",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json b/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json
index e8f8f4edcf..0f7fcb4b3a 100644
--- a/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json
+++ b/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c1ad23be-fc01-411b-843a-368e52c00336",
+ "id": "bundle--a9738627-411a-4cbf-b6de-2c4206cdc9aa",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json b/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json
index a89ef4085f..2598f92d5e 100644
--- a/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json
+++ b/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b7450923-3785-4633-837f-a7c4c6316e17",
+ "id": "bundle--3f272fd0-c862-4cfe-9526-df161ce016cf",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json b/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json
index a51999f32c..ad12f06ef9 100644
--- a/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json
+++ b/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e8def9ab-8d46-4479-9d0d-8035694f2854",
+ "id": "bundle--b4cba1b5-23ee-44ec-8636-c154a978f8b1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json b/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json
index a6b0808709..a91e35b178 100644
--- a/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json
+++ b/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e48a55dd-e705-4fce-935c-b621eeed84fa",
+ "id": "bundle--e51a17ca-13eb-4c8d-b878-48d80e59e6cf",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json b/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json
index 43d3778663..2197a7fe08 100644
--- a/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json
+++ b/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a96a3fc6-51b6-4d74-ba7a-3b3d21e354f2",
+ "id": "bundle--fb4d8024-ef35-4748-9fdf-156e58680d16",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json b/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json
index 53ee762d71..68c10f711e 100644
--- a/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json
+++ b/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--17a43aee-d51c-4555-b909-14adbe7ebe01",
+ "id": "bundle--7a0a12c0-c8d5-4d81-8180-3ab35c677719",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json b/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json
index 9501c61cf8..e05b1be77d 100644
--- a/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json
+++ b/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--db7e7c54-2889-46a2-a7eb-489a80e7c466",
+ "id": "bundle--dd7b4d06-ff82-4d9e-9097-a3c8ed50755b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json b/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json
index 8dd6d1a166..73c2264015 100644
--- a/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json
+++ b/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--095cda35-94ee-466d-b664-8e698345dfaa",
+ "id": "bundle--cbc460d4-1a3e-4dea-b092-4bf97cbc2ae7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json b/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json
index dee7b2a4f3..990a50a81d 100644
--- a/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json
+++ b/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--92bb27a0-5c4a-46e1-81b0-49d4578d1ee6",
+ "id": "bundle--1f64a7c0-7c65-4363-83e2-0fe40a0f82b4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json b/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json
index 469a45e1de..61ff6a3ec9 100644
--- a/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json
+++ b/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8259df2e-6eaa-4845-973c-904731827de8",
+ "id": "bundle--53e7f068-8f20-4e95-9eb4-e9a579d3a3b7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json b/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json
index 302a915a2a..3e003f93d1 100644
--- a/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json
+++ b/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7d701164-9fc0-4fda-b9fb-e8c51c911cf9",
+ "id": "bundle--d926635d-617a-423d-a1ea-60dfc7e79499",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json b/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json
index 68b0b836e2..3aeb7d966b 100644
--- a/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json
+++ b/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--77241d37-4129-441d-b61d-178baaab4dbd",
+ "id": "bundle--caf09945-8a00-4ade-9490-cc76589b000a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json b/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json
index d7cfa5040c..45157f68e4 100644
--- a/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json
+++ b/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d5624a09-97e6-4db0-8f05-45cffc90be9a",
+ "id": "bundle--2d1bc4b5-cca3-4795-bdf9-ff8b47ee0911",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json b/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json
index 76bf921ee0..b96eb10e7a 100644
--- a/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json
+++ b/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7b9f6ea4-3c18-4326-80aa-178a018a2636",
+ "id": "bundle--63bda14f-44db-4b10-b374-3f167b08575b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json b/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json
index 00e9b21253..cd3ddfc765 100644
--- a/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json
+++ b/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ec997b02-b49c-41da-8f00-dc78d398688c",
+ "id": "bundle--591236a5-3737-4d08-b941-5d181e4cbd54",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json b/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json
index 62b05b58c0..713d55000b 100644
--- a/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json
+++ b/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--863058ab-1dde-4c14-b631-183516036849",
+ "id": "bundle--0580f846-3a7b-4e19-96d2-3034cde2c438",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json b/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json
index d2b2e199b1..aeff38ba15 100644
--- a/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json
+++ b/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c2121805-3ab8-4cdb-8f5f-27461097297d",
+ "id": "bundle--c58f9674-3bec-4884-aedc-96e602241fd1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json b/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json
index 00e0c1b42a..7de37140b8 100644
--- a/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json
+++ b/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6e23249d-5d05-46cb-89d4-924a1a95200c",
+ "id": "bundle--5814d6f1-28fa-432a-bfff-9167b7c0b868",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json b/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json
index 20d2159050..cf696063bd 100644
--- a/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json
+++ b/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7980be1c-76a5-494f-bcd1-45d1aafeae1f",
+ "id": "bundle--2efd8f4a-370d-4c75-be60-871b2e6d8b5b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json b/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json
index 47853d411d..40a41e90d7 100644
--- a/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json
+++ b/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--aa8f8234-79e1-4261-af15-27641263e611",
+ "id": "bundle--7d6b007f-31b1-4572-afe0-af41889fada0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json b/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json
index 327e6b7deb..b91689dd5e 100644
--- a/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json
+++ b/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f650f720-f184-477f-8123-5d1123125591",
+ "id": "bundle--b990fc74-7759-4661-85b5-da271c40dfe7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json b/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json
index 5e3572f9b4..7fa10f3008 100644
--- a/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json
+++ b/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8f1207f0-ba52-4a8a-86af-d8ccb55cff67",
+ "id": "bundle--48080f8d-b9f9-4f72-aad3-f9a648aeacf9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json b/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json
index 2706f8a7d8..32905a6783 100644
--- a/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json
+++ b/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4b6df48a-c377-496a-88d5-f1d59080dcf5",
+ "id": "bundle--924c85a2-c791-4087-a567-18ba5bf4ebaf",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json b/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json
index f2c752bdac..c38ef0c437 100644
--- a/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json
+++ b/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fa47393a-68e0-4c36-9528-866b5c3ee698",
+ "id": "bundle--5b2c8080-02f9-4f2a-a6d1-accfb2396d16",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json b/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json
index 236ac36bbf..6a32c8c143 100644
--- a/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json
+++ b/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2a729f7c-fb04-4857-b7ab-3908248e83df",
+ "id": "bundle--34ef50f5-a743-4797-9ab6-a976244c96fb",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json b/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json
index 965aadb13f..fb4363d739 100644
--- a/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json
+++ b/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--54b487dc-cc87-46b9-bedb-d59a73ab5915",
+ "id": "bundle--2d46e192-12b1-4e82-85e4-f2d424d0057e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json b/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json
index ec6125566b..809c8c93d2 100644
--- a/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json
+++ b/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--02589664-a3c2-45b1-9ea2-6562b7c9f9cd",
+ "id": "bundle--3a80f096-ca5f-4516-b821-a542509abd8b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json b/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json
index 82845e2136..424dca5196 100644
--- a/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json
+++ b/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--10bbee55-fef5-456a-8a8a-91a2b0699c25",
+ "id": "bundle--bf21385a-85e5-47df-a086-021100ede190",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json b/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json
index b9c941408a..f3d01974ff 100644
--- a/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json
+++ b/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0befb5dc-3d89-4106-8aec-9d85dd6ce919",
+ "id": "bundle--f6a340a7-8145-4622-bc93-5c7e6a3c9b6d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json b/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json
index e39d087d84..dfad08831a 100644
--- a/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json
+++ b/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--39b97dbc-7967-4b5d-bb93-f5ba0098cfb6",
+ "id": "bundle--9b89437c-20fd-4e42-b08c-5339074c4a03",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json b/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json
index 2ae542563e..f35f3ea476 100644
--- a/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json
+++ b/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3cac180a-99fd-4b24-bc67-eaa58a17d753",
+ "id": "bundle--31bb0595-c312-4f61-959d-e328aaaeabff",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json b/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json
index 6402a8dd60..8c041e0c85 100644
--- a/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json
+++ b/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--32af13f8-025d-4f65-93ab-b0b54922163d",
+ "id": "bundle--8c1d016c-8350-48b4-b1a3-462581da6245",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json b/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json
index b6db8cfb3c..a4d78ca1d5 100644
--- a/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json
+++ b/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5d4d067f-8bfc-403b-b719-c22e9d0d79de", + "id": "bundle--95eea8f7-17c2-4fcf-a61f-e0b780b75b7c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json b/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json index 55dfc77fa8..4c16b70fd8 100644 --- a/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json +++ b/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--45407270-1be9-4d02-9309-a9d4357d1c21", + "id": "bundle--c0d6746f-1b1c-438c-80e0-598ddd734a5a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json b/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json index 66d8865d70..5688594f2e 100644 --- a/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json +++ b/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--edff214c-44d9-47b6-b9c4-f740e1178381", + "id": "bundle--c10daeaa-369c-47c6-8c08-11342b809430", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json b/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json index 9f0e77a273..5ece5cf99d 100644 --- a/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json +++ b/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--aeea06d7-0ded-4f01-abe9-88b6f88fb329", + "id": "bundle--549f26ee-c7a6-46e1-8f30-f16b1972db72", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json b/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json index f2f524a7d5..7896e162ff 100644 --- a/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json +++ b/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0ff02431-e413-43dc-88ae-19d6244a3cb9", + "id": "bundle--da249b2e-5664-47d5-ba34-7936fa94ad81", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json b/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json index 74501270da..915d514d5d 100644 --- a/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json +++ b/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ed92d2ad-7493-4ed4-8d4c-3b9a2103d3b4", + "id": "bundle--b7dfb909-d0cb-409f-bfff-50ed70cc40f3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json b/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json index c669c93c7f..017f97f2dc 100644 --- a/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json +++ b/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--17c7c351-69ec-413b-a974-532a5b9e0876", + "id": "bundle--27416cf6-19b0-4cbd-88c1-72672fbf3601", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json b/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json index 63036f56a5..a4de657492 100644 
--- a/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json +++ b/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0b64c3ec-f14f-40cd-b83c-bb68c4e6b8ca", + "id": "bundle--c8c4a41b-e495-4f0b-b689-4faf7d835ea5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json b/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json index ab2860c5c1..f07e5666cc 100644 --- a/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json +++ b/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9a4e9c92-9eb2-4381-a009-1fe3cb84d762", + "id": "bundle--8c6cdf3c-fbad-44a1-ba45-2d4760a7815c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json b/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json index 1677278c24..94c4cb93fc 100644 --- a/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json +++ b/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d2f401bb-f423-44ad-8637-47ca88e6ef81", + "id": "bundle--d4c44220-ba59-4abf-9228-0ca3ca5b59b1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json b/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json index 22fbbfa42f..872a4ac4ac 100644 --- a/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json +++ b/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9a197318-76fa-4f4c-9543-630a471541b4", + "id": "bundle--74d4a2a8-458c-4558-984a-f699d1c01777", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json b/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json index 076a47acf2..efa1ede2f1 100644 --- a/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json +++ b/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--84ff418d-b7f3-4bb3-97ff-b328751392c6", + "id": "bundle--9b52a76f-7f07-4c52-b4bb-b524d45137cd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json b/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json index 15dafc5662..2d193264d6 100644 --- a/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json +++ b/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c3a7cc56-e925-4a20-a4af-feaa7bf251e1", + "id": "bundle--ab121a9d-22e2-4c51-9aa3-5bf058b53976", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json b/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json index c746123868..1c95ac96ec 100644 --- a/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json +++ b/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--66c98596-e795-43c8-ab95-358485c7a508", + "id": "bundle--03b95e89-fd80-40f5-a052-54bd52932a48", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json b/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json index 357f8bb9ca..9cd94e5d17 100644 --- a/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json +++ b/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--de44fca4-1724-4656-9e66-130a67b38bc3", + "id": "bundle--d2655d80-c439-42b3-a0af-81ad8c217b2c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json b/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json index ae7a7e9a2d..5f8b042536 100644 --- a/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json +++ b/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--12630e00-a241-470e-94f4-2944b26683bf", + "id": "bundle--b77461b9-8aed-4c72-98ff-246d3cb70f72", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json b/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json index 45920349c4..eeafe5e726 100644 --- a/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json +++ b/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c7b4dea3-6202-44dd-a551-48623b923274", + "id": "bundle--af3ef4b6-ccd5-4837-b9d6-e50da25b8536", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json b/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json index e84e2a3964..e80ecc5727 100644 
--- a/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json +++ b/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--25203b3d-546f-49a1-a495-0fa50b7a15d7", + "id": "bundle--793c42ce-68c2-4759-b4e8-ff73b311ccc4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json b/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json index 07f11ef77f..5b78203a7c 100644 --- a/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json +++ b/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--91858ad4-f13a-404c-bdd4-409eea6d9308", + "id": "bundle--1ed868a9-8ce9-44c1-9580-fef18c262756", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json b/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json index 97c99f15b4..a53aaebcc3 100644 --- a/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json +++ b/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f060a203-fa3b-4854-bbe4-80e59d764c41", + "id": "bundle--ebf1f36e-7ed1-421f-bab5-d5232b16fa3d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json b/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json index 412b906b39..a75cf31133 100644 --- a/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json +++ b/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--29d69715-53c5-460b-a111-806749af81cd", + "id": "bundle--d821b209-b743-40ce-9505-80826753ff58", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json b/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json index 08872d5d67..a3857005dd 100644 --- a/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json +++ b/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d3ef3098-33e0-443f-9c65-8ae3b70bd955", + "id": "bundle--48bb1af5-e0a8-41e5-8fdd-c9c1825965a4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json b/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json index 425a191d3e..3c1f56f34f 100644 --- a/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json +++ b/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--16f11be2-f7cf-42f6-9ada-898b668e5855", + "id": "bundle--de08fa3a-f107-4c0a-8cc8-0081dadad564", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json b/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json index ca32a6dcc3..b806bf2b49 100644 --- a/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json +++ b/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b57bc135-141f-4039-b344-16e705529fa0", + "id": "bundle--602994a4-74f6-41f0-b1ff-b7404742daf8", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json b/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json index 5c0f6074c2..96d463ea21 100644 --- a/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json +++ b/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--318cc06a-5eca-4d09-a775-ffe60c78e847", + "id": "bundle--ff67e19e-e3ca-4c14-a213-c3dbbe066abe", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json b/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json index 2ef4518ca8..6c4556f442 100644 --- a/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json +++ b/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c6d04315-4d04-4695-b78f-6da23854ffbc", + "id": "bundle--13214733-59fd-48ff-9f4e-cd496ae68e14", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json b/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json index de27c8d26c..0461988b13 100644 --- a/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json +++ b/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--960f6e92-bd02-4b32-b1b2-cee9cf0e41ef", + "id": "bundle--5f27bed5-2111-47ec-bf33-2b640407ebd3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json b/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json index 275861c91a..18fa286bac 100644 
--- a/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json +++ b/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--63ca08fb-8695-4ad4-a332-280e2b25c7b1", + "id": "bundle--1a32023b-76e5-49ad-a11f-c7ca679c9795", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json b/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json index 61060013db..290f0a7224 100644 --- a/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json +++ b/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ddd9d565-9cc1-4839-a8f5-b0bcf9005265", + "id": "bundle--061eb9f4-9656-44e5-aa36-15ba503d13fc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json b/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json index dcf106bd32..bcd87bde40 100644 --- a/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json +++ b/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2ff35e80-fed2-40de-a5ee-8878d944ed1e", + "id": "bundle--5a574f7b-7a05-48fc-97b7-d97ea488323e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json b/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json index 73781645dd..a1fdcfe911 100644 --- a/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json +++ b/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e183debb-f800-465e-b98a-3913c6527296", + "id": "bundle--d488c196-af2a-4290-9dbb-a856a340f14c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json b/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json index 4d05cc2243..8cb18fe8a8 100644 --- a/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json +++ b/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--369b6f2f-57f5-4ec6-9a75-ffdf38b0333b", + "id": "bundle--d89b0fd6-9a12-4510-8708-c2704bbdcd5d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json b/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json index a3a5762f79..ff395a464d 100644 --- a/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json +++ b/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bfcb7425-b1ec-4f28-982e-6125d0e71b02", + "id": "bundle--16f73c1f-2b5e-483b-84aa-02d69a151f24", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json b/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json index 450832112b..7d6666effc 100644 --- a/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json +++ b/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c8ff3274-a315-4874-886e-e5b42e35a1a9", + "id": "bundle--6b122311-d394-4d55-8afc-20c397549798", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json b/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json index 8ec262daf2..16882179a7 100644 --- a/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json +++ b/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f7513311-4c04-4997-bb2a-89af8e2433a6", + "id": "bundle--2e224982-fac7-45c4-93db-e8b3661db956", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json b/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json index b9c82da73b..82b73316f1 100644 --- a/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json +++ b/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5c3ee627-c56b-4e78-80ca-d8e38915e3db", + "id": "bundle--e4f92e11-b616-447c-a0e1-e485897c8c73", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json b/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json index 9cb4048c92..cd71eecce0 100644 --- a/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json +++ b/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--08d66280-f61e-4535-b57a-46ab8c94d69e", + "id": "bundle--d90e514d-b9a3-48b0-8112-06261cb94f8c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json b/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json index c79e214e93..901723df64 100644 
--- a/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json +++ b/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cf4498de-02f1-482f-8263-6d1bfd25971b", + "id": "bundle--b492bcbf-b2a4-4b28-9c4b-9ec9b6864cb0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json b/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json index c20b81f179..b37f05f10d 100644 --- a/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json +++ b/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0ff253d2-271e-4678-badc-33997dae255a", + "id": "bundle--4b872647-bf2a-4323-80f1-75a4cf416ce4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json b/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json index a8ad7635e7..53bc32c901 100644 --- a/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json +++ b/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--acc5fa93-7e57-46d9-a56c-1cbc16d62e8b", + "id": "bundle--ba74f580-3e6d-4326-aa18-b0ba66e3390f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json b/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json index 0021731263..5590600ea7 100644 --- a/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json +++ b/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3a26ba98-074d-42c1-b156-d8c7e3f880b7", + "id": "bundle--0bbb39a0-26f7-4386-9945-01247b76e7d2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json b/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json index ab2c1b8eb4..b66ff63360 100644 --- a/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json +++ b/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--132ae6e3-0251-4497-b987-c272725b1a52", + "id": "bundle--75601738-7e31-47a9-84a0-540b67cecf6b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json b/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json index 5f52c1e054..260d7c94e5 100644 --- a/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json +++ b/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1e9fef14-f2a4-4a05-8620-78720ef43811", + "id": "bundle--b3c3b430-e30d-4c95-b660-1af60969d8aa", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json b/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json index 0286459622..2e58344655 100644 --- a/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json +++ b/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ec915e15-41bb-4bb2-a9e1-7d4dc5fea196", + "id": "bundle--94fd2986-3d04-4590-959a-0dda2a998d2a", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json b/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json index 9236337b59..ba66a8362d 100644 --- a/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json +++ b/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--882d40ca-9a95-42d2-bd8a-98f1dbf9868c", + "id": "bundle--a6631c07-496a-49ff-a670-c7e4be865a10", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json b/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json index 235327afc0..7e220836bf 100644 --- a/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json +++ b/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--db3f222f-1a17-4f17-a0b5-c710e6d53491", + "id": "bundle--449ea918-defa-4115-b3a1-8889e807bb6e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json b/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json index e01b63aa97..50a20b1d49 100644 --- a/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json +++ b/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7feb22d6-6c6b-44fb-a603-48abcf81d45d", + "id": "bundle--ca1bf16d-6121-4de9-9f14-8df38bb58f99", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json b/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json index ee9f60909a..cb462de457 100644 
--- a/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json +++ b/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d7c2900d-ebe6-4096-981c-120643d642ae", + "id": "bundle--893c887b-7465-4003-a34c-f848086c3702", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json b/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json index c263a2f80c..8cbe31aa5b 100644 --- a/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json +++ b/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5d88c98c-fd8c-4672-8254-37ded5b60738", + "id": "bundle--de5d1e54-fa1a-47bc-b060-0a74f6e6be9b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json b/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json index 89622333fe..564d11a7f2 100644 --- a/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json +++ b/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6a36c75e-b841-438a-b8b3-3178219576e1", + "id": "bundle--d49652cf-808b-4c96-973d-f3a0059e92c2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json b/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json index 18681570c5..c3f7d280c0 100644 --- a/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json +++ b/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7f1b1c5f-cce3-4401-be15-3c74aa86495e", + "id": "bundle--eeee96d6-5779-48f8-83ca-3d1dfb926551", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json b/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json index 228774feec..a9274ce8e6 100644 --- a/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json +++ b/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ba09d03f-17ce-4832-876e-3dac8b6d089c", + "id": "bundle--5e10045b-af43-48e6-9f46-7887e87cc5dc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json b/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json index 0df1ec9e48..309bbe8df6 100644 --- a/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json +++ b/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dc1399fc-ddf6-4ac8-80cf-08ad4a2aa48a", + "id": "bundle--c0677072-0b4d-4210-81f2-da816628bf7e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json b/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json index 0ffe8f8331..f740830a91 100644 --- a/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json +++ b/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a510a756-36e7-4afa-a3d0-7394cd71fc78", + "id": "bundle--22a28503-4875-4514-b516-6981951aef4c", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json b/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json index 8239ca222d..d809070c74 100644 --- a/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json +++ b/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--34b4b99d-30be-4fa1-8505-65334703ae1e", + "id": "bundle--493fa4cf-2efa-4eab-b42f-c86f308c5b9b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json b/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json index f26616d671..f9d2ebf56c 100644 --- a/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json +++ b/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--eb592a69-037b-44db-b19b-c02f0f3a2f78", + "id": "bundle--222f319e-a8a8-45e9-ae14-80358f4100da", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json b/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json index 86e5c98cb0..76b5cfc7c8 100644 --- a/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json +++ b/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1af1051c-00eb-498e-b109-29eea0403b79", + "id": "bundle--118ecaff-10ec-47a2-bba1-6920bd4380c2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json b/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json index 19a731dafa..e320dd47b2 100644 
--- a/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json +++ b/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c14dd8ea-6a86-4f8f-8ac9-322c7c9eb43b", + "id": "bundle--8ebf8b22-2a95-48f2-bff4-431bacf40388", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json b/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json index 5787cb239a..c65505ce2d 100644 --- a/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json +++ b/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--83bc0f4a-a474-4673-a199-db8820edb6ab", + "id": "bundle--8369e380-5fdc-46e8-a8a3-6fcfedf4d787", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json b/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json index 8a4bd7758c..e9763c8e3a 100644 --- a/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json +++ b/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--df6e90c3-1639-407d-bf8f-90dc90fe888f", + "id": "bundle--15a0f9ce-d647-4334-baa5-c565525da8cb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json b/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json index 46512c2c17..1b3e88d496 100644 --- a/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json +++ b/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json 
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--63122c6d-2c55-4c95-9d3d-893c46b939f7",
+ "id": "bundle--484db61b-f3ec-42c1-8677-7f5eebfc8bcf",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json b/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json
index cfc3aabf82..4d7c3c48bd 100644
--- a/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json
+++ b/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7a2ba232-0ede-44e1-887a-79b395107e9b",
+ "id": "bundle--b1c4afab-926f-4d64-8300-6ccc188a3768",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json b/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json
index b6631cef63..80fd209df3 100644
--- a/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json
+++ b/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--49b949dc-db22-452f-a2b8-0acc1e8718d9",
+ "id": "bundle--7bd4eb7a-f51e-4431-aaf0-a8595748b1c3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json b/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json
index afd14e8373..93bcaeec4e 100644
--- a/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json
+++ b/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--39eb8d81-9ec3-4b50-a757-363a7153e69f",
+ "id": "bundle--114db05f-fcff-4ddb-90eb-e41ece86f528",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json b/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json
index 5c6bed5aaa..439e6edcee 100644
--- a/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json
+++ b/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--71707ab7-b557-46f1-9a41-c1a8a00c75c2",
+ "id": "bundle--e8855b9b-ae26-41a6-ae2f-5487896413ea",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json b/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json
index d7490de83d..e37685c20e 100644
--- a/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json
+++ b/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5d49a7af-2f4a-4a52-b409-1ae021626fb4",
+ "id": "bundle--8b316a92-7c92-4181-8caa-b57417ae6fe4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json b/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json
index 96f34b2aad..f7c7bee49c 100644
--- a/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json
+++ b/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c979075a-5bd1-4635-90ca-89c274b75a82",
+ "id": "bundle--82dec53e-cbb8-431c-a136-0104fd872f4a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json b/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json
index 1980cb271a..d2f3e99a3e 100644
--- a/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json
+++ b/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--50d809ab-0a7b-47aa-bca0-f931ae023fe5",
+ "id": "bundle--fc4e9291-6af0-4fa0-a4cc-07e457f6d14c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json b/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json
index c99bdbb0dc..b9b3f1cf70 100644
--- a/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json
+++ b/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--81bf4992-ff6a-4574-a88b-0bb65bbc2e57",
+ "id": "bundle--8a8abcb7-f561-4192-bdc9-c4b973390d26",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json b/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json
index 211a5fdec3..638a4f6d7e 100644
--- a/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json
+++ b/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c03cb74c-1f73-4a26-9308-15c8f0e86d75",
+ "id": "bundle--e087186d-402a-4208-82f5-fe622d23f7cc",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json b/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json
index edc034b90c..5a271b1672 100644
--- a/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json
+++ b/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bcdecc2a-4683-4e15-a7ea-917f28e0136a",
+ "id": "bundle--8f770c18-9b1e-4786-b40d-6d8eb8a33ecf",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json b/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json
index 39a701720e..1b2b8744a5 100644
--- a/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json
+++ b/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--747e390a-cacc-4553-b492-8f36fa20f580",
+ "id": "bundle--6078be3c-4d63-4321-b1b0-48c07a36dcc2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json b/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json
index 5c5546edeb..f93df68500 100644
--- a/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json
+++ b/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2492c29b-29d0-4c84-aa7c-72113d90c4cb",
+ "id": "bundle--6a722d48-5fdc-4f63-92bc-3e6a79acca89",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json b/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json
index 55dea3ff87..6277fbb8ef 100644
--- a/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json
+++ b/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ff55ac56-acab-4a07-9bb4-6fed2f01402a",
+ "id": "bundle--91c0ae27-ae4e-4c65-b4a9-700cc062d03e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json b/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json
index e3bc30c72e..b40d46a4e8 100644
--- a/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json
+++ b/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--60d640c1-3341-41bc-84ad-5b3a0d0a7d39",
+ "id": "bundle--f277afd7-56d1-4d47-a7c3-db6a28a06fe3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json b/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json
index c5b499049b..626639d902 100644
--- a/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json
+++ b/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a0fd27d9-a233-49df-ace7-3e1207ab6ff2",
+ "id": "bundle--c0b0a410-150f-4e58-b019-4144428f22cd",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json b/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json
index 084936b8e7..00c10c0061 100644
--- a/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json
+++ b/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c030278d-bbdc-4b2b-a1e4-5242c2c4b84c",
+ "id": "bundle--d6ad4dd8-b5d3-4b73-adfc-fd81ceed4557",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json b/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json
index fee78ebb6a..b5b416e6d6 100644
--- a/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json
+++ b/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9e3d19b6-5f21-4ee0-b617-b347b787ddcb",
+ "id": "bundle--e8850cd6-6629-4cae-b145-68f5831bf0b4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json b/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json
index d250fb4bd1..02bc467c20 100644
--- a/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json
+++ b/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d8adbeb6-ceea-4331-8944-6102c8a1a596",
+ "id": "bundle--956b1e20-cffe-48bd-abcc-2938c9d7de8a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json b/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json
index 78ce83a5e8..a76a28d58f 100644
--- a/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json
+++ b/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bdb65c21-6907-4146-9479-40378fe5c605",
+ "id": "bundle--f598f01d-5156-490d-853d-78849b0fcc50",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json b/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json
index bab783c0c9..b0aea7ebfa 100644
--- a/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json
+++ b/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--266d56d4-b0df-4197-8a57-0e107713c41d",
+ "id": "bundle--7b39215b-bf34-4476-8ef1-bd91e7a7c576",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json b/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json
index 5aed2f9870..ff0df9fccf 100644
--- a/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json
+++ b/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--68f8cbed-5a2f-4f86-82ba-9f4292084aa5",
+ "id": "bundle--a021c1b2-1abb-4e1f-bfb0-56fd212f830a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json b/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json
index 0a0b4027a8..1fd464f771 100644
--- a/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json
+++ b/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--50846ad4-ea23-4ff3-a52e-a66bc191f6d0",
+ "id": "bundle--8a748135-e009-4013-b351-3fd61c008e48",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json b/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json
index 92a82c308c..18fc00f565 100644
--- a/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json
+++ b/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b67d646c-9b9e-4ab3-b3bd-82c39f701dfb",
+ "id": "bundle--c32618c5-c51f-4d4c-89d3-49fc0b9d22d1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json b/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json
index 1fe755a2f0..0cd075e2e6 100644
--- a/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json
+++ b/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6641da46-cca6-450b-8b9e-1e503fc802da",
+ "id": "bundle--4b7ef8b2-5d80-4755-97d0-edd6d1beb390",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json b/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json
index 57252ac0f6..74aa37faf7 100644
--- a/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json
+++ b/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a261c678-f07a-4997-b4a4-375f793f655b",
+ "id": "bundle--ea96b5ec-35d9-404b-ba94-e33c87caa413",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json b/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json
index a0d83006f6..ba0e37010f 100644
--- a/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json
+++ b/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--75c179c0-4a5c-4c04-bd6a-0564c095a61f",
+ "id": "bundle--108bae8a-2547-44e9-8611-e7a2e4d6c886",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json b/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json
index d0d3fe59e2..4244ef0ab9 100644
--- a/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json
+++ b/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--493acba6-2e06-4dd5-94f8-8e7c00d6602a",
+ "id": "bundle--7396de7f-ef3a-476d-b341-f719cd4c766e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json b/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json
index 31b399ea5e..7d81fbf488 100644
--- a/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json
+++ b/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--40dbafe9-fd64-4b38-ad11-8fb4f0d5bb23",
+ "id": "bundle--4168bca5-71db-4b87-9dae-f2a314070538",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json b/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json
index 3f3f2ad54e..349422777e 100644
--- a/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json
+++ b/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fadd58f8-3b13-4cbf-8b9e-f04159cf1c26",
+ "id": "bundle--a9ba8554-cef3-4cc0-aba7-61ed7c44ae09",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json b/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json
index 2f16997b29..b1ac25c7f6 100644
--- a/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json
+++ b/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6b9c0f71-f620-4d31-b339-7bcda5b333c3",
+ "id": "bundle--e5423884-55fc-4448-a0ea-916cc1e9b50b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json b/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json
index 80688181cd..fb9805dd0e 100644
--- a/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json
+++ b/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--69c93c6b-287d-4dce-afc2-1d5b90acf3bc",
+ "id": "bundle--3fc78ac3-169c-461d-b1cd-6ba6446b5010",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json b/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json
index f86fde4187..5ef8dfd333 100644
--- a/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json
+++ b/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bb065d54-a57f-4f15-a201-8bc2b718164f",
+ "id": "bundle--168c76da-4abb-4599-bf1e-4c35b10f976c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json b/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json
index 5cea0d2d6c..a37b5d7091 100644
--- a/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json
+++ b/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5200c977-94b7-4cab-a708-aa7c1ab71849",
+ "id": "bundle--e929d02c-eea4-420d-956c-e45cea984280",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json b/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json
index 19b47514a7..8c5bbdd1a3 100644
--- a/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json
+++ b/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--25fa6a25-ba84-4bad-b6bc-69f2e296c049",
+ "id": "bundle--1b1ca810-051e-4a1c-81bd-28b76a9985ce",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json b/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json
index fd39d301e1..e8aee21397 100644
--- a/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json
+++ b/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--06f6d30b-69dc-417c-886d-fc2085f1b839",
+ "id": "bundle--2e556bd1-1255-4214-b242-39ec9b655b17",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json b/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json
index dffb1abe6f..08e4786215 100644
--- a/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json
+++ b/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--330065b8-1466-49b3-a892-7a054600999e",
+ "id": "bundle--cbb1e8ec-b003-4f4e-aec5-62c22bf91b47",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json b/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json
index 9ca1d92a8a..a4d8afabea 100644
--- a/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json
+++ b/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fa32d4c5-7f2a-4b75-902f-c9b24604caf2",
+ "id": "bundle--ed951a8d-2d7c-453e-80a7-fa63a26030fa",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json b/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json
index bf8a366899..8153bf4c9a 100644
--- a/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json
+++ b/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--91c91350-ac1b-4f69-8490-4967285434c2",
+ "id": "bundle--0677a009-26bf-4a20-b03b-d3db3e708ce7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json b/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json
index 1ab56879bf..a1767e8f2d 100644
--- a/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json
+++ b/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ab96f38a-30cd-4ee2-9f55-2fb8be7f4c4a",
+ "id": "bundle--0dcbeb70-cd86-4aa2-8006-3ffe7718527e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json b/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json
index 879192710c..14c87e6347 100644
--- a/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json
+++ b/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8d4151f6-a9d8-4866-a534-eab261ed76ff",
+ "id": "bundle--7634a01b-a486-4392-95a0-3167000698e1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json b/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json
index a78ecd9de2..367ed3329a 100644
--- a/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json
+++ b/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--33f5c87a-30e0-4916-a5a1-d64ce6aa1c35",
+ "id": "bundle--997e69ac-0689-4f28-a829-7edd625f7cdc",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json b/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json
index fd27ac62e6..1d37a8e86c 100644
--- a/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json
+++ b/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--373ca49d-2edc-4d45-9c37-f0d21b819e29",
+ "id": "bundle--cba7186f-7d90-4bad-aba9-42d79abe0458",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json b/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json
index 1cae35680d..df13938df7 100644
--- a/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json
+++ b/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d8a720d6-f842-47c1-95ef-740156ba1ae4",
+ "id": "bundle--be50fac0-6ff1-4fa5-8056-c3677b57df5e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json b/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json
index 5da735881f..c02e3c63a6 100644
--- a/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json
+++ b/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--231b324f-d06c-40e7-9d18-8d5a8d3b61e3",
+ "id": "bundle--13369fb0-b433-4c36-b1af-926b3eb71c68",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json b/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json
index 4bc6a56bdb..9f86778e23 100644
--- a/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json
+++ b/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e2183811-f87d-46c5-969a-fec64d4d32c3",
+ "id": "bundle--c4902ad1-0bd9-4f9c-8084-d1f689ccbffc",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json b/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json
index 1de46262c7..9b7d547632 100644
--- a/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json
+++ b/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8c4c03d3-89f5-497b-874f-95861f3773a9",
+ "id": "bundle--dabe8a67-f515-4890-9a37-5076f8788381",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json b/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json
index 648eca0304..69d8ec75aa 100644
--- a/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json
+++ b/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--84b80ddf-0986-4e60-8f3a-1c18575b320a",
+ "id": "bundle--ca99bc23-b1c6-4a99-8e0e-0585b44762a9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json b/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json
index 9635ed5e6a..bd55f7b395 100644
--- a/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json
+++ b/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1a1e7071-0718-4f0a-839b-3a93a1bf17c4",
+ "id": "bundle--9c4d8be7-64d3-4e6a-8ea7-d39b69464540",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json b/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json
index c4766950ae..c92628d818 100644
--- a/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json
+++ b/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7d568e35-570f-493c-ae5d-243dfc34f292",
+ "id": "bundle--71c54648-5ee5-44b2-bfef-d336e646a563",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json b/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json
index 704b42ce41..8dedd9429b 100644
--- a/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json
+++ b/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9dd99be4-90df-4b35-960f-892f405e92ae",
+ "id": "bundle--cfb57282-17c6-4ae4-b60d-eb059a5ba54a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json b/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json
index 2d598d7db2..260ccad556 100644
--- a/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json
+++ b/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9d8865ef-9d4c-4db3-9d32-293db6a1c939",
+ "id": "bundle--93fb0d45-4a0c-4027-961f-99831acb5f28",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json b/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json
index 1ea4207ceb..64000dc8d6 100644
--- a/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json
+++ b/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fa561cbe-f3f5-443a-acb6-a81f06376a93",
+ "id": "bundle--fea0641e-e22f-482f-8d1c-e812b07a1d83",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json b/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json
index 2c379b799f..7b3fbb574c 100644
--- a/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json
+++ b/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c4d231ab-794b-44fd-86a1-ab5e9660aa9c",
+ "id": "bundle--67dfa0e1-6e85-4471-9d29-edba17424263",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json b/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json
index 747c99e622..4d5a8b87f9 100644
--- a/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json
+++ b/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--40608cd4-b8a6-4a5d-a479-27a9ccdd7756",
+ "id": "bundle--af34986e-cda3-46e8-96b0-2d2373ae88c6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json b/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json
index 3f1b8ca211..5f61e72041 100644
--- a/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json
+++ b/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8f4d4878-83f6-4821-b177-bd37858360ce",
+ "id": "bundle--67d3ff25-3ca6-4342-a2f7-4a83a1797189",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json b/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json
index 2febb28d07..80e16417ae 100644
--- a/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json
+++ b/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ceca93e1-1046-4c73-8c7c-a4f720b5c14b",
+ "id": "bundle--39ce3c62-7627-4732-9ce3-57aab2cbadbc",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json b/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json
index 8d93c93492..81ebdffdc9 100644
--- a/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json
+++ b/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e66ff719-009d-4160-beff-27005f82e035",
+ "id": "bundle--3d26533a-ca09-4cf2-a88b-510cf34f730a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json b/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json
index 86ffb0e18e..8d0f1cb463 100644
--- a/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json
+++ b/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--62cf4541-ceb4-4d48-a61e-1d94fd71be94",
+ "id": "bundle--7195b11c-fc20-488e-919b-a374bb14b743",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json b/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json
index d2c1bc5162..689bccbe51 100644
--- a/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json
+++ b/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--30864281-9c55-4db3-898b-7b077a89b69b",
+ "id": "bundle--9aedd8cf-75b6-4c31-9916-bd783be6b78a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json b/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json
index d0abe11977..37740f996c 100644
--- a/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json
+++ b/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--26ea9dc0-10c2-48a1-a296-e6e3b4490798", + "id": "bundle--87f1d2c0-0f52-4ab3-ba2f-b832475a99d4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json b/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json index 8d860e950a..fe01943d04 100644 --- a/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json +++ b/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c9ca45bc-bfd1-4141-a288-76c933a9e38d", + "id": "bundle--417af596-c739-4d9c-bf4c-f8d5a4618b14", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json b/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json index 93f592afc2..3bb276abb0 100644 --- a/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json +++ b/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2a582e6e-cd6b-426e-8846-e2d09fdd5eff", + "id": "bundle--8385a666-9e4c-4b0b-99c2-ea1fd30d60a0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json b/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json index f8d0ed9c2a..b683b29bb8 100644 --- a/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json +++ b/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b43d7f4c-4c61-415a-a025-118694fe6da4", + "id": "bundle--955076f3-a186-44c5-8c62-df7c68d9e85e", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json b/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json index 6518d3eb56..5ab0e57310 100644 --- a/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json +++ b/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--18ef9a46-443b-43a8-b852-ea9b0ee57f7b", + "id": "bundle--80fa9540-81d4-476e-96b5-de5bbb314525", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json b/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json index 3631301076..a62304a1d4 100644 --- a/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json +++ b/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7b842b19-62f8-4f7e-a8e5-d9d584e03bf2", + "id": "bundle--ebe91454-b96a-413a-9ff8-1cc492a60dc2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json b/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json index 1d02db16ad..e0ab39523d 100644 --- a/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json +++ b/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ae4b8e5b-7dbf-413a-a95b-9d4ee9e56f63", + "id": "bundle--99163f8a-15f4-495b-bcc2-aadf8986133e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json b/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json index c9c2ba9546..cb7219b677 100644 
--- a/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json +++ b/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5b6bded5-16b7-4658-b75b-fbe6211cbd1c", + "id": "bundle--bdcfef29-1c49-41e4-976b-647e45dee541", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json b/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json index 54e4f0d9a2..e6cefa9a5a 100644 --- a/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json +++ b/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ab7e3538-744d-493e-a153-bf25f58380f2", + "id": "bundle--6ef2774b-0e71-429b-b9ea-7985de84fcad", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json b/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json index 4dac8bf3ac..3d35f4b98b 100644 --- a/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json +++ b/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5f1e7cfb-492d-438d-8992-9ec4df362b30", + "id": "bundle--698109a0-dea0-4840-a674-c6f56957dcab", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json b/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json index 62b1d343c5..462d90e33b 100644 --- a/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json +++ b/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d631bdc1-3a3e-499a-8a16-6ad6ed1193c3", + "id": "bundle--28f5395a-b6ae-4627-adbe-e41cac4f381b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json b/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json index 86423a2aed..604dad1dd9 100644 --- a/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json +++ b/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--adb0616c-ab59-42a0-b313-0b62974222fc", + "id": "bundle--8b35b79c-3ad9-4f58-b734-4efc563ab0ae", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json b/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json index eb2dec6e0f..9369461f9e 100644 --- a/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json +++ b/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a19002d4-66f8-4fc7-9127-569cf4f5fa11", + "id": "bundle--ca230ec9-7fc8-4755-9452-1d52a3773ad6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json b/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json index a629af1243..c6a0b44550 100644 --- a/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json +++ b/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d3ed943b-d215-409c-84c5-4750bf2a7dc1", + "id": "bundle--004e4b5c-96e2-4b25-a462-ef985101cc15", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json b/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json index 689a6ab2f0..c797280137 100644 --- a/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json +++ b/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--24a48fec-9183-42db-b321-cba086db2b13", + "id": "bundle--078c9212-b40c-4105-9491-23f9af29e554", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json b/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json index 4d77b75fd9..e873f85bee 100644 --- a/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json +++ b/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--50c4f2f0-56ab-4ec9-82eb-f6cf49e617f0", + "id": "bundle--699dec44-ebe6-49b1-b849-74df7a989786", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json b/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json index 5a3895fcf6..ed755079d5 100644 --- a/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json +++ b/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--216506a7-e46c-4e92-9318-25f4e823512a", + "id": "bundle--a4932535-935b-4d2e-908b-8e560aad909f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json b/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json index 2779e0fe7e..3d521b7778 100644 
--- a/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json +++ b/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a09b6172-093f-4a32-bf28-37b2f6d201a0", + "id": "bundle--540a105e-fd9c-4297-a761-601079d45f20", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json b/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json index eb16c41aca..a085659b56 100644 --- a/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json +++ b/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--03dec08e-caeb-405f-9726-4f80c58829b1", + "id": "bundle--ea4e21bf-afa5-491f-b9ee-36bc98f31a1c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json b/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json index 12091b7ad6..59d189132e 100644 --- a/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json +++ b/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8a007e67-85fe-4f7d-a97a-350c2066c75a", + "id": "bundle--ed015367-c0d6-4816-981c-cb0f459db5db", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json b/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json index 63801771dd..20f6e611d8 100644 --- a/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json +++ b/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6cbf931a-c826-44c9-bda0-34c2f539b831", + "id": "bundle--98845432-fbe0-46f4-bf07-f8b7e56293ff", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json b/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json index ff379e29e0..954e35f4ed 100644 --- a/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json +++ b/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3286b35a-56de-4d53-8687-ecbdfd32da06", + "id": "bundle--13563ff1-075c-4cac-ab10-4eca7c0c8ed7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json b/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json index ca840866af..81b7617d0a 100644 --- a/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json +++ b/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--eb87fb5b-93d2-40fe-8d34-9f7fd9020295", + "id": "bundle--65122d23-9359-4d9b-b5a9-44a0baa098b9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json b/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json index 5ba1db08cc..07784da762 100644 --- a/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json +++ b/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d1fb4392-869f-468e-a93e-ccb7331f74ae", + "id": "bundle--cda4ccda-57c5-423b-9eba-63eb4ffb4fd9", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json b/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json index 461e93cbd3..761b254524 100644 --- a/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json +++ b/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6fd4d8d8-800b-4407-ac1d-16323056277d", + "id": "bundle--06333369-7fdf-4b76-b77d-ab4c1fdae8f3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json b/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json index 3c777544c1..2ad08683f8 100644 --- a/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json +++ b/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--129948d4-2562-4b0a-8cc7-2bdc045bcf84", + "id": "bundle--a70b780c-0b1c-46b1-a765-8ac7779b04e9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json b/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json index 4f620c7a15..e8ce5ab35d 100644 --- a/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json +++ b/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--08c19e0c-12e1-4601-a203-ec6d416e6502", + "id": "bundle--592d41ab-3d29-4096-8c7a-3472d6ce5918", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json b/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json index 378a7c3ef2..62150c680e 100644 
--- a/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json +++ b/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--034ad22d-97e0-4759-847c-79b4c91d91df", + "id": "bundle--27489909-1633-4ab8-bdc4-5986fd07076e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json b/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json index b1777aef24..71282fc0b1 100644 --- a/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json +++ b/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d5444f15-081c-4612-bfa9-290228c0c165", + "id": "bundle--b8680209-0d3c-4ab0-a02b-abbb561deb36", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json b/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json index 5e387b7f0b..63bd383f57 100644 --- a/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json +++ b/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1fb65a2e-25c4-4c10-af42-af2d637ccf5d", + "id": "bundle--d25173ab-59a6-421b-8f60-8f36928854f8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json b/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json index 581bbe9581..de10e8ec0b 100644 --- a/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json +++ b/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--16e36575-025b-4659-8fc0-c9c27792893b", + "id": "bundle--8d24c9ca-ed57-47a5-8896-be7dd1b20b0e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json b/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json index c301082340..ba7897a237 100644 --- a/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json +++ b/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--59fd48a4-c76b-4ac0-b247-a06570c34333", + "id": "bundle--2f70a30f-71d4-4bb0-b52b-a2c745c01e9a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json b/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json index 70a4b4f85b..f5d0286f3e 100644 --- a/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json +++ b/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4d804660-21e1-4c3b-bcae-94547c7a3e80", + "id": "bundle--3e789fd7-cda5-4408-aac6-472beb3a7190", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json b/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json index 0b283ed6b4..78a6244056 100644 --- a/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json +++ b/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3e6638c6-8934-41e1-952e-a8bdd4d952b4", + "id": "bundle--f58c68aa-e534-4e78-8962-bced03f62501", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json b/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json index 3e01a82189..1ef24ca0ec 100644 --- a/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json +++ b/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--994d0749-7ae8-4dc7-84cd-0384dd129f78", + "id": "bundle--eb88bef7-607c-4a62-ab05-656dd03815f1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json b/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json index d83ebabe7a..282dade993 100644 --- a/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json +++ b/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--30d561c2-b42e-4a0e-a7ea-dd97770d150b", + "id": "bundle--47990561-6cbd-48c3-9a6c-2993090b0c28", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json b/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json index 2eb7e9507f..fb5cfb7fed 100644 --- a/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json +++ b/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--988ee557-04ff-4fde-a000-337c84187628", + "id": "bundle--912c6527-7403-4719-9181-d35d848942da", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json b/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json index eae08acd4f..9f827bd5a8 100644 
--- a/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json +++ b/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--30186819-5e74-4093-8ca6-a4891c3f3959", + "id": "bundle--c92c54cf-e5b3-4280-b4ac-b1faf8198550", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json b/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json index f91a8de02c..978839bd99 100644 --- a/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json +++ b/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c64df71c-bf69-43c9-9815-e665ff0d83fb", + "id": "bundle--ba02bd3a-d044-4a9f-8717-d42d74245a61", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json b/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json index 0741500147..fd788589af 100644 --- a/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json +++ b/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--db900fdf-cd36-4e55-8564-b5d844eb9b3b", + "id": "bundle--cb076ce3-b55a-4cf4-82e6-ac370308848f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json b/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json index af78011d0a..5be7b1a779 100644 --- a/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json +++ b/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--196ca038-ae0b-40e0-87ed-75c086f0c391", + "id": "bundle--197cc1ec-3104-40de-8bf2-cccebbfada56", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json b/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json index 87857cc50e..d93d5936ad 100644 --- a/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json +++ b/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4a127be2-f995-484f-a712-0b69171a5e2e", + "id": "bundle--272a67d1-0a10-46a1-a4ac-b0a18a693289", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json b/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json index ddbf0a5455..ef23977b66 100644 --- a/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json +++ b/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5d248b2c-19e5-417a-8855-6697bbfd40ae", + "id": "bundle--30912f94-5836-4733-8b0e-124512bc9c8d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json b/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json index 5a3003dbfe..0dcb1665dd 100644 --- a/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json +++ b/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2da3f4d0-284a-4b7d-a8ba-d29eab5589ca", + "id": "bundle--8afaa40f-4776-487f-bee4-0e07c8feeba3", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json b/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json index eb9749c2e4..863b135252 100644 --- a/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json +++ b/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fe709f1c-8a29-4113-8665-f25667481e66", + "id": "bundle--965978cb-41a4-40e3-a4eb-26777d53e279", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json b/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json index 016dcb6c4c..e49834d9b3 100644 --- a/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json +++ b/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--12dc98bc-94ed-42af-ab53-5a125c5c700b", + "id": "bundle--04a31ff0-47ff-4a0a-8943-6719d0899979", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json b/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json index 82be58201a..edf951c977 100644 --- a/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json +++ b/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--45b766a9-2476-4b16-9894-e8b6f5122e14", + "id": "bundle--9372d657-adb1-4f20-b1b4-de9a01e5f368", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json b/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json index 12935ad1ae..27b021c953 100644 
--- a/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json +++ b/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f49b03c6-0d52-445f-8a40-3eb3526e3014", + "id": "bundle--0086d3d4-7887-46a3-b1ce-5c417d3818a8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json b/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json index b027362902..626b32f706 100644 --- a/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json +++ b/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bdaee622-2cce-4752-9c37-3747c0e11e50", + "id": "bundle--96b2a6fa-e730-4bd5-a266-000d69c14912", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json b/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json index 9fa5a6dbf4..13640f54cd 100644 --- a/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json +++ b/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--edbd9ce7-4f7b-4f72-b460-cf0b7bb994b6", + "id": "bundle--2661e4fc-2655-4af5-8ab6-a7ab4013ba93", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json b/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json index 3c4991f217..5bf527c5a0 100644 --- a/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json +++ b/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--97e001be-d1a9-4bb0-b011-b7ab8fb1da5f", + "id": "bundle--853d3fa9-75d3-4d7f-a305-85503d4be00a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json b/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json index fc12f1c959..e222b06703 100644 --- a/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json +++ b/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--101f5a35-c10c-40ce-84c9-6794464dab2b", + "id": "bundle--93eecfca-173e-475b-830a-5c35862d14a8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json b/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json index e9eb4b1ed3..8bef21d02e 100644 --- a/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json +++ b/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6a5e077f-ffa5-45af-b9aa-fbfc38604d9d", + "id": "bundle--95a9c696-5aa9-48d2-8755-d40bdcb63e5a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json b/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json index 8ba8bfac16..0b58cc8435 100644 --- a/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json +++ b/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--45b039e3-a700-4bd5-9e58-257c2536cc67", + "id": "bundle--717a747f-f6ca-4a49-a76d-3f62707a8268", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json b/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json index 206a78a5c7..b3b9eb2cab 100644 --- a/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json +++ b/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--32f50578-a2fa-470a-9a66-195b0438fc87", + "id": "bundle--30509a94-5a7e-4466-899f-936c97a39bfb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json b/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json index 1156656c4c..6eaaa37ffd 100644 --- a/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json +++ b/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f8ab399b-41db-456b-8a0a-4b8f2545fd03", + "id": "bundle--6360e6fc-1c51-46b5-98de-220d17586931", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json b/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json index c08ef644da..f5ddae9176 100644 --- a/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json +++ b/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--04b17b40-dd62-40fa-b85e-56d6739796c4", + "id": "bundle--1bc90f83-5bbf-4f3b-b822-677236228119", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json b/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json index 72c097d94f..940d24d5f1 100644 
--- a/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json +++ b/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fb4a70eb-9a2d-47a3-8a7a-545e64d6fc00", + "id": "bundle--d6ab7bfa-c495-48a3-8223-cb7509aa5de0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json b/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json index de2e0b4742..6608599612 100644 --- a/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json +++ b/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--48d671c2-b056-457e-b90e-cac94c288e1d", + "id": "bundle--6a225867-b50c-45b7-bbf8-907f558f52eb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json b/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json index 158edbe0bc..8a00aafa46 100644 --- a/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json +++ b/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bcd6b18e-a7f1-4912-95ca-3f37f4777617", + "id": "bundle--d615c3f9-14ed-4f29-a805-2fc8aa60d6c9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json b/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json index c88dd97983..1d5c139b6b 100644 --- a/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json +++ b/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json 
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--77ced433-1b56-4ea3-a0fd-b96201d8ed3b",
+ "id": "bundle--f136961e-9fa5-45a5-96a9-e07a9f7d0a70",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json b/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json
index 519d3773e8..9aa8fcc2f5 100644
--- a/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json
+++ b/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3da1b9fb-ed19-4fbe-afc9-21940db3c55d",
+ "id": "bundle--47860218-bc1f-4e96-b93c-c10ab704e322",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json b/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json
index 2e7a21e159..207169881c 100644
--- a/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json
+++ b/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b2020d6d-ab80-4f4a-a504-c49b511fb376",
+ "id": "bundle--7c603822-e732-4d43-a1e8-c52d6e754245",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json b/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json
index 87c80b749d..54d84e0285 100644
--- a/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json
+++ b/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--63393f64-d5a7-49d2-aed5-4ca9e1598806",
+ "id": "bundle--cd631c89-de89-4291-8385-1a256969a94f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json b/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json
index b345999b01..b79a896a95 100644
--- a/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json
+++ b/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c36fe72e-ddff-426e-8bdd-b2d911b2768f",
+ "id": "bundle--4f9f7e1a-c989-4a50-8e32-da817c1dcd57",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json b/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json
index cb154450c3..399ce5ef23 100644
--- a/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json
+++ b/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--07b65e26-5de7-4de0-8208-8164e19d362f",
+ "id": "bundle--cdb704ab-4907-4859-89c5-d6e2f206ef0d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json b/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json
index 91850c514a..1c9f6ad62f 100644
--- a/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json
+++ b/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1e0af538-6c70-4116-b53a-8d92679b55c2",
+ "id": "bundle--b1dd0af8-6c0f-43fe-9f6a-2a45cc7a7002",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json b/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json
index 4221644d2c..37f12c9b58 100644
--- a/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json
+++ b/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a7e0c7d8-c47c-49d2-9ab2-d34983ab501f",
+ "id": "bundle--4b228bf4-c7c2-4f16-a147-21a9a4b9f853",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json b/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json
index 75f52b234a..d9a9bd8c30 100644
--- a/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json
+++ b/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--cb5e7f21-8cc7-4cf4-825d-b12c433e71bf",
+ "id": "bundle--bcc12291-484e-444d-a08d-d83cd0365fd4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json b/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json
index 3c0a281a07..3413988c32 100644
--- a/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json
+++ b/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b2201c5a-593c-436e-b98e-9e31d68c230d",
+ "id": "bundle--562a6a98-ae64-4aa5-970b-dc27d93fec22",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json b/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json
index 57133ce447..262456c001 100644
--- a/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json
+++ b/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7b74734e-199d-4de5-a50c-fb42882386ee",
+ "id": "bundle--8763bf71-8d2e-4393-89ef-f9dede5ddb82",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json b/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json
index 0c1bb2528d..956fede91d 100644
--- a/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json
+++ b/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d1d66137-6c38-4b2c-91ac-8107f56c7b60",
+ "id": "bundle--170c45ed-5a83-4704-8a2f-9399e995de06",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json b/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json
index 922b685781..8dcdcf7fbf 100644
--- a/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json
+++ b/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d3281b4f-5735-4537-87ed-983e87a44e3a",
+ "id": "bundle--e06f735d-1db1-4eae-89d1-f42ef4bdf83d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json b/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json
index e11be5e6bd..0c758696dc 100644
--- a/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json
+++ b/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0b166698-13d5-4a32-a59b-06c09961422e",
+ "id": "bundle--bcd765cc-2d32-4887-b40e-e07413fe28fe",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json b/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json
index 0791fe4229..f0f62be743 100644
--- a/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json
+++ b/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9628003b-f4b7-4d5f-8d79-bd525941e1e3",
+ "id": "bundle--6e8b8523-f860-4ef5-b58c-827d98e6552c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json b/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json
index 33b8976126..b119ab5010 100644
--- a/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json
+++ b/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b3f26530-91ff-46eb-a697-a2bded036bfb",
+ "id": "bundle--7c415e89-ff53-4fc4-b5b0-1e07f7cbcef6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json b/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json
index 036b8926b4..432e9b24cf 100644
--- a/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json
+++ b/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--dd7941ce-338c-4f9a-aa63-4680167669b7",
+ "id": "bundle--bc2ea937-dbaf-4536-9bd5-276e4d34ccf2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json b/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json
index b12b3d2457..f5b568ff90 100644
--- a/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json
+++ b/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--77eb8e7e-1ec9-4145-b128-1bf3258d554c",
+ "id": "bundle--11a8c657-acad-489d-b3e9-69cbd84af2fb",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json b/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json
index 8674f412ec..f903b1d493 100644
--- a/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json
+++ b/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--39589369-831e-4d0e-a6c3-b7deaddfc6ed",
+ "id": "bundle--952eb7f0-f16d-4226-ac18-30562f3b11b7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json b/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json
index 2cf1016a18..93702005f8 100644
--- a/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json
+++ b/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--722b8fd3-f336-461a-952c-9e2ecf965d06",
+ "id": "bundle--e998f959-b86f-409c-b7c8-6d8023297c9a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json b/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json
index 74fe1a9002..445ff33a26 100644
--- a/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json
+++ b/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e93d154b-2fde-4831-b6da-8a3b43b8cb14",
+ "id": "bundle--4a7b57a6-0ba9-4978-8857-e7a3404b2be1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json b/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json
index 4dbc0f2429..765385a6a5 100644
--- a/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json
+++ b/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--696c9463-c861-49eb-a729-e5c650544810",
+ "id": "bundle--90715807-ff25-4f0f-8d55-0dc7b46222de",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json b/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json
index bece82f5ca..3485856f02 100644
--- a/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json
+++ b/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--60839b31-6af0-4b7b-a4e6-3067d49ac739",
+ "id": "bundle--bccf4698-2f4b-4d35-83e4-8b671687cac1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json b/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json
index 61ebd3566f..46ad41e5c6 100644
--- a/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json
+++ b/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b9b03146-aaf4-4b28-beb4-dc3814144c76",
+ "id": "bundle--2b5766a8-23df-494d-8186-a2feb8dffaff",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json b/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json
index a12f663a76..9b380116d7 100644
--- a/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json
+++ b/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7bc16593-7676-416b-be2e-70a245e9e477",
+ "id": "bundle--a191aff0-c1d8-47b2-bf41-ca40f530cd33",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json b/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json
index b3efb67416..b8b8e36651 100644
--- a/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json
+++ b/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--be8de28b-a899-4ae4-8b48-d3b7ce8fc093",
+ "id": "bundle--53f35dd9-6ff7-4eab-8cad-faef1ba727ca",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json b/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json
index 2f44e86299..af3614c4f8 100644
--- a/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json
+++ b/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c146eb9e-d49f-48a8-8708-7474b7ebf42e",
+ "id": "bundle--7947d5b7-f475-4fce-9238-09c1b28e56b2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json b/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json
index e41c23a04d..0a1f1aabee 100644
--- a/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json
+++ b/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8aef6f9a-e170-4f82-a8e5-c27727ca28ce",
+ "id": "bundle--22ad2c21-0722-4774-b9d3-f5ed73b352a9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json b/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json
index 1db77ee8c1..273066c814 100644
--- a/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json
+++ b/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ae52d2a5-e90d-4319-a1d1-143e0be80f1d",
+ "id": "bundle--e56e8066-a73c-443f-915e-e406e5465d3c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json b/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json
index ec911db9e4..855593cdac 100644
--- a/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json
+++ b/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--83399ec8-c7d8-4c6f-add6-68abacd00e9b",
+ "id": "bundle--9143afdb-6280-4633-a2d2-bfcb5374d3f9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json b/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json
index 25a28cace2..e0d3c86b6e 100644
--- a/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json
+++ b/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e719dd69-4444-44ca-bf96-6ef7dc6f870d",
+ "id": "bundle--d8b3679d-7d14-4e10-bc08-01b8f75c535e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json b/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json
index 2aaae232b1..cdf97d416d 100644
--- a/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json
+++ b/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8ef6ef13-51dc-4fc0-b38d-e68d1b567944",
+ "id": "bundle--c8a7709b-29ff-4d8c-8059-766780b3a9b4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json b/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json
index 6c31d0cd85..74d7ace988 100644
--- a/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json
+++ b/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1c2425c4-2525-41dd-b6bd-19a2d58e4da4",
+ "id": "bundle--f86f750b-23d0-4fd4-9f2d-40eb3db5f6fd",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json b/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json
index a90d433a35..1a15406aae 100644
--- a/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json
+++ b/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1c1a99e9-4f61-42c6-813f-b533c484af18",
+ "id": "bundle--fc6a8816-7db5-4d80-8d18-dff81efa5065",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json b/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json
index 67488904a2..1332cecf3e 100644
--- a/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json
+++ b/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--237f33db-d75d-4ab1-972d-4d150381cb30",
+ "id": "bundle--94d20f1a-b128-4a4c-85ac-77e8c6e65bb2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json b/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json
index a0e632f9ac..75fd4cae78 100644
--- a/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json
+++ b/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2954d294-2720-4393-9ec5-eb766f578d4c",
+ "id": "bundle--c9a8d703-fc32-4cc2-aa78-f745acbfd969",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json b/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json
index e8acc03ddc..ad5d792790 100644
--- a/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json
+++ b/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--98bdd29c-a030-4f56-ad5f-a8c66a6ca464",
+ "id": "bundle--64fbcb04-ebe0-45d6-89ad-a2b2bdb36787",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json b/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json
index de72f020c6..289d7f85ea 100644
--- a/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json
+++ b/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--83a83789-9a06-45d2-a0cc-4c997b9f3b14",
+ "id": "bundle--3f1cee43-8fd2-4225-ab11-ae7542bea640",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json b/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json
index 181b07a48d..56437fbf9f 100644
--- a/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json
+++ b/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6a046ef4-85da-419a-a2e4-958f2840abd9",
+ "id": "bundle--1324db95-f7d3-45da-9ae4-91137240940b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json b/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json
index 2857f3ed00..e9cf4e14f3 100644
--- a/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json
+++ b/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a1622a5e-703b-462f-b216-e5766ffb2687",
+ "id": "bundle--29e9f4af-f80c-4321-9e1e-fc1364c7f29a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json b/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json
index 3d0d6f6fd7..af9275e229 100644
--- a/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json
+++ b/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--18e77e3c-fab9-4aa3-804c-13947fbcc8b5",
+ "id": "bundle--6521ffd9-0d90-4c04-aed2-49408e396cc5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json b/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json
index 9c29365c92..986e66438b 100644
--- a/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json
+++ b/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b89d2b25-8624-48d8-a78e-859499ab851d",
+ "id": "bundle--cb213f28-d92f-4819-968e-52c4cdf995e1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json b/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json
index a390bfc3a3..c8b35f1f01 100644
--- a/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json
+++ b/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--aeef4417-1832-4f65-b6eb-43ca3cd96586",
+ "id": "bundle--42ace379-d49e-4f3b-93fc-b1c99368b901",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json b/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json
index 139ff60562..ac7ea424dd 100644
--- a/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json
+++ b/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6f4c81d1-f2bd-43c2-b423-e0ca107382ee",
+ "id": "bundle--38394c89-4a77-4ff2-9095-e448669d39b1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json b/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json
index 5b276b7601..9b074e378d 100644
--- a/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json
+++ b/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--96bd42f3-cef9-42e6-97b2-51bcc3195b97",
+ "id": "bundle--f8b6a185-1d1e-4f75-babc-c59ae25bb05d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json b/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json
index bccd4ec397..3be52727ec 100644
--- a/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json
+++ b/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a9bf8b55-b9f8-43b8-bf96-5661a87f4772",
+ "id": "bundle--9dd2f33c-330e-40da-985c-1da823650536",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json b/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json
index 97fb8aff28..5bdba09095 100644
--- a/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json
+++ b/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--37ae8e30-7d6d-4a9c-ac82-0cdad0a1b2ce",
+ "id": "bundle--1c4e4481-eea7-4062-bf58-25cc6834e774",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json b/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json
index 6e6cb2d40a..ad0b071c74 100644
--- a/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json
+++ b/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1680d138-82aa-445d-8161-5ff5f2bfe96c",
+ "id": "bundle--f883b657-5fc4-4a05-a2cf-d766c23e48cf",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json b/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json
index b6fc090188..d5ea9afe9a 100644
--- a/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json
+++ b/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--94dbccb5-f3cd-49ea-add9-79a679ae5b35",
+ "id": "bundle--e1a1ba5c-708c-4b50-9a68-0a82748fc25a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json b/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json
index b5ce893b42..48557419e0 100644
--- a/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json
+++ b/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d1bfcd47-cdcf-49b3-8730-e63a266f6639",
+ "id": "bundle--a2210160-5ee1-4169-ac32-e9b698f5c534",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json b/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json
index ea1ea803f1..119627ab9f 100644
--- a/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json
+++ b/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0e5ca590-2c32-4b7d-8efb-91c8a1fcc3f5",
+ "id": "bundle--7c780834-4e4e-4818-bcd9-4f551b850d4c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json b/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json
index c0fd80b37a..cfee297202 100644
--- a/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json
+++ b/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--dd10c998-26f4-41c8-ad90-45d61e4f9f90",
+ "id": "bundle--99a9340e-a199-4e69-951c-55ffc37e74f7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json b/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json
index eb9389805c..a57578b9a0 100644
--- a/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json
+++ b/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2036488b-d502-4f78-8ec2-c78e6fcdd478",
+ "id": "bundle--51d62b21-fdae-4098-bbb8-ecac772d9264",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json b/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json
index 4875ac055c..391e0d4f69 100644
--- a/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json
+++ b/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--861d0aa4-7997-4a5a-b7c6-f625e1025baa",
+ "id": "bundle--d128a204-1510-45ef-9fe6-269a26948cae",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json b/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json
index e5eeced1c4..64720a71f3 100644
--- a/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json
+++ b/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5c0ac79b-aac6-43d4-909f-cf841a6b55c0",
+ "id": "bundle--5ae2125c-ca85-4f6a-be1c-c2e8a4563ad6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json b/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json
index db4ed41409..6e71062858 100644
--- a/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json
+++ b/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--185eabf0-b831-4cfb-902d-e427345aed64",
+ "id": "bundle--153c7bf3-aa70-4ff2-858d-183804aa217f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json b/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json
index c70e789651..3f091a3ee9 100644
--- a/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json
+++ b/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6eb34dc8-7eb2-4866-8a7e-1842e27774fc",
+ "id": "bundle--f1ad692f-246b-47f9-b27c-f93f602cdcef",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json b/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json
index 693b3cae8d..8535afd992 100644
--- a/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json
+++ b/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--074e82b0-edbf-4cbb-b9bd-efe28ca68e79",
+ "id": "bundle--f6588e75-9192-446c-8079-964b00194fe3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json b/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json
index d98f0e4794..407ffd3fe1 100644
--- a/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json
+++ b/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--dfca8f1d-6f2f-41f4-b644-796fe10dc379",
+ "id": "bundle--c78583b6-0820-4dbb-9f39-e2bb40d20b72",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json b/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json
index aac025ab59..dc0054bed1 100644
--- a/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json
+++ b/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b88b92a8-e4b3-4f3e-861d-8ed7cce6280d",
+ "id": "bundle--70d4a193-58e2-4725-9cfb-819e804b26fb",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json b/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json
index bd5d8a4c95..50027a0cc7 100644
--- a/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json
+++ b/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a0c0d425-dc9d-44ca-8de9-211a2419fd45", + "id": "bundle--01d417ac-2e47-41b4-b1bb-f1d7388ab2fd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json b/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json index 520a0b3e34..f6f5bbb451 100644 --- a/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json +++ b/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b2728045-a6d8-475a-9ecb-ba0e46893948", + "id": "bundle--317cd7e6-f8e2-4ac8-adf2-c2326d024aeb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json b/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json index 31b077f678..94b76839fc 100644 --- a/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json +++ b/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d2837d4f-a049-49ce-abf7-d5b5063a64c2", + "id": "bundle--7db36a50-1084-47c4-ab9f-9c7ad25e5b1d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json b/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json index 23d8b7ff1a..3e60355744 100644 --- a/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json +++ b/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--647def44-953d-4533-acef-97fc6d3a117c", + "id": "bundle--19a955ac-f279-4143-88b1-b26e81664436", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json b/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json index d25b69bd1d..b8cea14e4a 100644 --- a/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json +++ b/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c78b550d-99dd-48c6-8b95-d8e598f561bd", + "id": "bundle--a5e9105a-5dd0-496f-b4fa-e622f1e236fc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json b/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json index d2e5fb3311..9e597b8fe7 100644 --- a/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json +++ b/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7a203fa7-4af6-418f-9572-bf6f4ed2325c", + "id": "bundle--d61ac927-2e28-47e8-9875-4b20880cd857", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json b/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json index af36e44b40..146db081c6 100644 --- a/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json +++ b/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c7ca6658-8c2d-4b8a-ae6b-ed1a5491af72", + "id": "bundle--fc0b5a5e-ea12-4493-acf6-c1029d93939f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json b/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json index d0b5aa74c4..4e7f048edc 100644 
--- a/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json +++ b/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ebf7b7b9-e4a7-4941-a2b9-06ea9c36ff1f", + "id": "bundle--c7936524-04c9-4ebc-b2f1-e760edfc6e45", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json b/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json index 2a0e87cc2d..d624eddb27 100644 --- a/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json +++ b/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--641dd55d-ec14-4b0c-b0b8-185b35dd3fbc", + "id": "bundle--4ec1d578-6af7-455d-96a4-4dd2ed600a6e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json b/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json index f0594bbe02..3737743b6c 100644 --- a/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json +++ b/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--56a26930-786e-4f41-87d8-3d6663fe830f", + "id": "bundle--33a70d75-8e26-486a-ba60-c9db37ea592b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json b/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json index 845aac19c1..441a7f7203 100644 --- a/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json +++ b/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--34dfb855-0d35-4001-9319-4be8b1e98e79", + "id": "bundle--1a1a442a-3698-4c57-b142-dde518b46ea6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json b/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json index 0cd8712985..85268b6caf 100644 --- a/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json +++ b/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8c776772-a081-4199-9e1d-e819d7b5b93d", + "id": "bundle--a46c1838-5c18-4940-b37e-89c60f472834", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json b/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json index 501a85963a..c4cc0530e5 100644 --- a/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json +++ b/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--426ce6c9-93a8-4f5b-b601-1e131d12d43d", + "id": "bundle--197e8e1a-29c4-4578-94ad-dde936a7f5cd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json b/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json index 0d28269921..346687b95a 100644 --- a/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json +++ b/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0112b147-f473-4489-bceb-72cf1c9a1421", + "id": "bundle--8cd4ae8a-fe82-4717-91b6-de2022370232", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json b/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json index 99d96307e1..e6c4a40456 100644 --- a/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json +++ b/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3340cb8c-b1ec-4667-80e1-1ee5819bce20", + "id": "bundle--77713821-01f5-4a94-952b-1dcbf757e4e8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json b/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json index 5ca4f900b5..d8695d90be 100644 --- a/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json +++ b/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--21eefc40-cc4e-4210-b106-214c4e3a8f86", + "id": "bundle--221b84de-d567-46db-b09a-49e0ae32a84c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json b/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json index 0c06a6dab3..95ec7b9e9a 100644 --- a/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json +++ b/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--78cc9ed6-bf7b-46d7-8498-72f65d710130", + "id": "bundle--55287420-dd9a-4ce9-a6d1-b492c6523f9d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json b/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json index d585926322..3718e62b60 100644 
--- a/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json +++ b/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5c0d2e67-adb1-4e4d-9f6c-31e84f50cc0d", + "id": "bundle--27c83b53-3cf7-4f4e-b834-1b56c7cdf4af", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json b/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json index 1b2289045f..2c27fb4b11 100644 --- a/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json +++ b/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d3c13ee1-737d-402e-9376-879c62fed429", + "id": "bundle--8e9ce5f7-92f2-4c60-928d-31dfe1ccafb6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json b/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json index d4d93f506d..44093c2f4b 100644 --- a/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json +++ b/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3227c3d6-0237-466d-9c69-81677e0e22ec", + "id": "bundle--da8b88b9-3924-4e00-930d-9425d7659ae6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json b/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json index 4793c0e4bc..48190fa74c 100644 --- a/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json +++ b/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8c4132b3-1e6f-4848-bed6-dbe2b30e90b7", + "id": "bundle--ff58c3b0-183a-45b6-84a1-6c5b0b609ba3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json b/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json index 86d90e10b7..467405d35c 100644 --- a/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json +++ b/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a022813c-9d08-43a7-98fa-a50f7faae03e", + "id": "bundle--78272589-8416-42af-b404-08bc40662a27", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json b/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json index aec42b3fa6..c5ba0af29e 100644 --- a/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json +++ b/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ae323d95-4ed9-4367-ba54-817487ea762d", + "id": "bundle--c496cf30-e771-4674-8ad1-3b25b443d60a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json b/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json index 1e2b86d604..3962337e3d 100644 --- a/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json +++ b/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9ca5a2df-bfd0-4b34-a8b8-467c68c327db", + "id": "bundle--d255e232-cdb2-4239-bcdb-82d7a5610f0c", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json b/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json index 34d1901f11..14b8c39240 100644 --- a/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json +++ b/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0b92cdd2-1ab3-4f36-9f64-c81f0364126e", + "id": "bundle--10d300b7-8404-4eb7-843d-ea9a36c107d0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json b/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json index a9e8f4d202..590bca4b0a 100644 --- a/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json +++ b/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fecfb6d2-4b23-472d-81dc-34c96c004666", + "id": "bundle--40f7d09d-6051-4672-b07e-0ddaa127f745", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json b/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json index 2b38a23fc1..6da6146bfc 100644 --- a/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json +++ b/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--eb93ff43-46cd-4e2e-b522-7ee1173688a9", + "id": "bundle--505b2355-c808-41db-a0f6-b5e4ad4f6544", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json b/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json index d0e5dc7d29..ba1840722d 100644 
--- a/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json +++ b/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--784597e6-9b44-4b92-9457-1779ea9423f2", + "id": "bundle--7a37bee2-7f2a-4970-9f7e-b4ee8422f3d1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json b/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json index 74ce875ad9..4c853418bf 100644 --- a/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json +++ b/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2bd8adb7-034a-494c-a85d-eaf5b7c652e6", + "id": "bundle--ebaecbbe-ef7a-451e-8271-794b5ea4941e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json b/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json index af0f781946..9793f133bf 100644 --- a/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json +++ b/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0d724bb9-3639-4e7f-ab5b-d37b51353224", + "id": "bundle--6f0fff08-bf4f-43b9-907c-6f87a4af639a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json b/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json index 87b5771a23..9e82b79fd0 100644 --- a/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json +++ b/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bee072ca-798d-4f94-910b-c8f0e81a32d6", + "id": "bundle--a49da821-d412-4005-a1d8-a7af629603de", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json b/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json index e0486ecc87..bb39685c12 100644 --- a/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json +++ b/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--382c2028-8b13-4503-aa6e-22f19997df37", + "id": "bundle--83e09d65-414d-4b9d-b8b3-af112f4e457e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json b/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json index dc592927e6..64bf65e7eb 100644 --- a/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json +++ b/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b02141a2-3cf7-4d4f-9b13-36677dfc332d", + "id": "bundle--7a6a3881-1174-424e-987e-f0dd59bcea50", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json b/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json index 541458bf55..2a6bf9e41f 100644 --- a/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json +++ b/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2fc6ad04-f8ae-4483-81f2-3a8a2a4b78a8", + "id": "bundle--b881d8f0-816e-4bb5-ad64-d47015110a3b", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json b/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json index 394022dab4..e0cbbab1ca 100644 --- a/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json +++ b/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2fd339ec-36a9-47d6-85e9-878ab23477a9", + "id": "bundle--0a59eb4b-7203-43a4-ad33-a2a621d79f64", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json b/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json index bd3883fae8..5fc03a3dd7 100644 --- a/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json +++ b/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9b2e0722-0298-4ea1-b7ca-fb49b695a7e3", + "id": "bundle--ff8e7f42-cf16-4ac0-93ca-fafebb8308f1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json b/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json index fb9bb9a896..4e2abbf17b 100644 --- a/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json +++ b/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7085a8ae-bceb-4842-9978-0264b31fadd6", + "id": "bundle--d9494e73-3f10-4ec6-94f2-673f02b5817f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json b/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json index a9fd05aa18..a9a0aa51a9 100644 
--- a/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json +++ b/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a5c93edd-cff2-421a-b240-5d128eb139c5", + "id": "bundle--a2a50ef9-0de7-402a-97b0-d56748408e1e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json b/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json index 654f168259..0b7f040357 100644 --- a/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json +++ b/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ed77f737-6250-420d-ac4a-34dbc6180f46", + "id": "bundle--942c05d9-d7c0-4d65-b2f7-52c8419cd8fd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11.json b/mobile-attack/relationship/relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11.json new file mode 100644 index 0000000000..95c8e1c417 --- /dev/null +++ b/mobile-attack/relationship/relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--766c6c31-c72c-4298-8e80-8d76c7850dd6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11", + "created": "2022-09-29T20:08:54.389Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Cylance Dust Storm", + "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.", + "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2022-09-30T18:38:37.195Z", + "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of exfiltrating specific files directly from the infected devices.(Citation: Cylance Dust Storm)", + "relationship_type": "uses", + "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json b/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json index a65e961419..f862317ff0 100644 --- a/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json +++ b/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e2533b96-c586-4563-893c-298b4ae9564f", + "id": "bundle--2b3bcf36-dc9d-4fab-a7cb-68ca436e0908", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4cb926c1-c242-45c2-be46-07c22435a8a5.json b/mobile-attack/relationship/relationship--4cb926c1-c242-45c2-be46-07c22435a8a5.json new file mode 100644 index 0000000000..bf1e4bc5ed --- /dev/null +++ b/mobile-attack/relationship/relationship--4cb926c1-c242-45c2-be46-07c22435a8a5.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--361ff71a-e17a-4c79-9d19-fa0cd91703f3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--4cb926c1-c242-45c2-be46-07c22435a8a5", + "created": "2022-09-30T19:23:02.689Z", + "revoked": false, + "external_references": [ + { + "source_name": "Cylance Dust Storm", + "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.", + "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2022-09-30T19:23:02.689Z", + "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors that would send information and data from a victim's mobile device to the C2 servers.(Citation: Cylance Dust Storm)", + "relationship_type": "uses", + "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file 
diff --git a/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json b/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json index 2104700024..c7c2566217 100644 --- a/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json +++ b/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cdbd36de-e7aa-4813-be21-d86315045812", + "id": "bundle--573b86e0-74a7-47ba-a6e5-c6ac451890e3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json b/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json index 617ad7352f..66448fafc5 100644 --- a/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json +++ b/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e6b20722-13b1-4adb-97fa-fae6c680ee80", + "id": "bundle--d8876032-6795-4083-80a6-faad2613b6b5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json b/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json index 6f9117e6e1..de98f879ef 100644 --- a/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json +++ b/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0bd524ba-e010-438b-adc9-d34b2ce45b08", + "id": "bundle--0b26c016-6a6f-4874-8d13-85c63fe08ede", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json b/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json index bedac171d4..326763adce 100644 
--- a/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json +++ b/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d393e124-1c0c-4352-82e6-29ecb0b87621", + "id": "bundle--d80a2448-5768-4306-b4b3-e86f14d9fe0a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json b/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json index d3cba3a9d9..d63592abda 100644 --- a/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json +++ b/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f26b5e0a-6c87-4170-9733-cbf837c3990b", + "id": "bundle--e7c69dc0-e612-4fd9-ac2a-fffab2af68db", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json b/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json index 2cee8ccc63..77fa3502aa 100644 --- a/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json +++ b/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--25ced14d-71c6-42cd-9776-b61c8f6d97fc", + "id": "bundle--fe5aa9cc-4746-42ce-8e8d-18c575518b4d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json b/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json index bc93f3d1de..5655dcc6aa 100644 --- a/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json +++ b/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json 
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--932319cf-ed76-43cb-abd4-a9db925d9149",
+ "id": "bundle--40ff5cd7-f818-4988-9017-6f363e3045ba",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json b/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json
index b26e9c086e..1df54119ea 100644
--- a/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json
+++ b/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7b7cfd2b-e2a5-451d-9601-2fa0f0e975f7",
+ "id": "bundle--6c45e315-68b6-4c60-8ee5-113d6b7ae8a1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json b/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json
index 61340f68c5..287d3fbf03 100644
--- a/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json
+++ b/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8a4cd970-7982-44a5-b5a2-b53b2209f2a3",
+ "id": "bundle--c13add72-5c3b-49ab-96f3-56f27a762768",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json b/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json
index e4410d3d62..0db79ef645 100644
--- a/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json
+++ b/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d131e488-170f-4366-93e0-d6a6fadd17dc",
+ "id": "bundle--0f1caefb-8d1d-4dca-8899-cdc6ccb8f21e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json b/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json
index 702136a8e1..0f91c8e902 100644
--- a/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json
+++ b/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d2d3d126-a8d6-4bb5-bd66-0a3108b6106e",
+ "id": "bundle--f9229576-195f-4ebe-8a12-4e78b4bc4d45",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json b/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json
index e80bf5b577..b407ce4330 100644
--- a/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json
+++ b/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--636f14ad-cfc1-4560-80cf-3b858045f061",
+ "id": "bundle--ed049b20-5e89-466e-9141-66f1ac6a48ac",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json b/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json
index adeb3ada04..f9f4c0d5f2 100644
--- a/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json
+++ b/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c487bc67-428d-43f2-9b65-ade1589075b1",
+ "id": "bundle--2db47b96-76b7-4a76-9fa0-e24a841f90cd",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json b/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json
index d820efab52..f786e221af 100644
--- a/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json
+++ b/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6dff6647-88f9-4f14-94c0-67b6e3278be9",
+ "id": "bundle--833d09fd-86a2-4ed9-848d-239b6551dc67",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json b/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json
index 9bfcb10d0a..ca19933bf8 100644
--- a/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json
+++ b/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9419de2e-afa3-4de6-bffa-7f1b991027d0",
+ "id": "bundle--f8f01158-633e-431a-bf4f-1ffb025205dd",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json b/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json
index 0658a7e4c2..a30bd2809e 100644
--- a/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json
+++ b/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--33a41c43-138c-4128-bb2e-fc5d532a88cd",
+ "id": "bundle--d58fe899-de4c-4476-9380-7a38fd5f7bf1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json b/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json
index e58148006e..68af556b7d 100644
--- a/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json
+++ b/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--676a1ba2-e409-4dc6-a7d2-6bbfe1a10b40",
+ "id": "bundle--ca2c5aab-f376-42a3-ba49-2533bdf24746",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json b/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json
index 5bcb9476fb..d7e16acde6 100644
--- a/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json
+++ b/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0b615f4d-45b4-4b07-89c6-f1751d9e1395",
+ "id": "bundle--d9799908-12ca-45c5-911e-bfbc205c99da",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json b/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json
index 4ecfb6074e..ab93e2f583 100644
--- a/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json
+++ b/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8e13f9ba-d5d0-4c66-9647-35aa2a85b373",
+ "id": "bundle--0aa5d283-99e8-446f-8f8e-1de1970679ac",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json b/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json
index 183b0b7d18..d1d89773c5 100644
--- a/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json
+++ b/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--190b9405-f9e0-4749-88c1-07914d7466e9",
+ "id": "bundle--d6773266-478e-4c4e-b789-9f68de39cc3d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json b/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json
index 6879ca2327..0faaa61828 100644
--- a/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json
+++ b/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bcad3dd4-9389-4721-958b-eb369566b948",
+ "id": "bundle--495317fa-dcd9-4bd2-8348-2c1af37bdb05",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json b/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json
index a1c5857e03..1103203c74 100644
--- a/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json
+++ b/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ee383da0-d7f5-423c-93f4-fdab07952d3a",
+ "id": "bundle--2cd91ffd-eba9-482c-807c-ea3b444faf8c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json b/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json
index 79b0f6711e..b00467b7a8 100644
--- a/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json
+++ b/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6c1903f5-f5b6-40af-9347-b89024a4cc15",
+ "id": "bundle--fdf73472-5586-4bb3-a0f1-c8f70c2c8833",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json b/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json
index 83701d41f2..9801dbe862 100644
--- a/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json
+++ b/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e58bd2ba-d8ad-4193-a8c5-aab542fa0afc",
+ "id": "bundle--367a838e-6621-4cbc-ad7a-cef87db1ae3c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json b/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json
index 603bb9c50e..bcc0c611ac 100644
--- a/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json
+++ b/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5d09c51e-821e-4e19-9681-f32fa4f4a4ea",
+ "id": "bundle--31709ac0-177f-4a3b-b0b6-b6c40e4a787a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json b/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json
index d89a888c29..ea5987564f 100644
--- a/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json
+++ b/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9800f2f8-2bf1-4915-8b8e-bce2ff7f1cb4",
+ "id": "bundle--6b2118d7-6728-47e7-8d8a-fa7c2ff8f09b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json b/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json
index 5f5dfc0380..8ef6450e77 100644
--- a/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json
+++ b/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8745d006-1118-4171-a95e-10a4c0bee328",
+ "id": "bundle--6fd801b6-cb23-4271-a497-cab9b975bb2f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json b/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json
index 72a34ba9ce..4b623fe888 100644
--- a/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json
+++ b/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--de2fa99a-cae9-4ff8-bb70-c79d61de460f",
+ "id": "bundle--903db14f-dc66-499e-b21f-83aaaef453c8",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json b/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json
index 8e74070b09..9f4b2e60ba 100644
--- a/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json
+++ b/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d4a99c2f-8e59-4250-850d-d9c5dd870020",
+ "id": "bundle--6b149ee3-21f8-44ba-ba51-f02456d849e2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json b/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json
index 1de9efcd67..fb51780353 100644
--- a/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json
+++ b/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ac59328b-d63f-44eb-aa6f-36e7f78efb65",
+ "id": "bundle--4ae08226-f541-4ac1-b2c7-ae625d249972",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json b/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json
index 70a36fbcc9..e208c8fdae 100644
--- a/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json
+++ b/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c7babdaa-2064-4bce-b094-d0c69b6984d1",
+ "id": "bundle--af204521-cce9-40d2-91f4-7653c681d9a2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json b/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json
index 8a766f3fe0..e095993e09 100644
--- a/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json
+++ b/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--48239961-54e1-4ccf-ae5a-46e54ef00207",
+ "id": "bundle--5e4da8a4-bbd2-44c4-8f04-5bc3df0dbba0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json b/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json
index 19f3b69c34..e46bed41db 100644
--- a/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json
+++ b/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5debec21-13bf-4a01-ad36-46e6455af3ed",
+ "id": "bundle--c5c33253-0467-4279-a165-1965b55e594f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json b/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json
index 70ebc94d49..5da770f592 100644
--- a/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json
+++ b/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--35339f90-1af0-4536-b06f-34820c71e6f7",
+ "id": "bundle--0e252c86-ad68-4ac7-a614-cc98761cf15b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json b/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json
index 51f779595e..15182a99e7 100644
--- a/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json
+++ b/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0297b0ec-5366-4225-ad10-8e836dc96c54",
+ "id": "bundle--0f616389-e75e-4ec2-9c4c-d828d3bcaea2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json b/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json
index 89c5ee3da5..d98f244375 100644
--- a/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json
+++ b/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d43f3875-6b16-42aa-a448-89102111a17d",
+ "id": "bundle--9c0dd322-c071-42ac-aa52-bb8dcd7f18d1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json b/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json
index 939db1f121..26f6585ada 100644
--- a/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json
+++ b/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bd360933-4ff4-4501-86fd-4fe74d5301a2",
+ "id": "bundle--68f5c790-1f34-461a-bd06-159f68e84e62",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json b/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json
index 993f8b20c9..575246b628 100644
--- a/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json
+++ b/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3fc492f9-3ea9-474e-848c-0637d24dfa41",
+ "id": "bundle--e771ceca-cd5a-4cdc-b75e-b1b67b498a46",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json b/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json
index 4eeb2bf7d4..9ef5455509 100644
--- a/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json
+++ b/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a3dfa838-7967-4d7c-8c46-6fbc88d6f52a",
+ "id": "bundle--6e79520f-2b26-426f-a32c-a5ded7e0ae8c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json b/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json
index 5144a1311c..2105da3eea 100644
--- a/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json
+++ b/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--78c62304-de8d-4710-bd9a-91448ebab786",
+ "id": "bundle--af1064ed-4476-4311-94b0-723aad617b71",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json b/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json
index a20f8ea72c..94aafd461a 100644
--- a/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json
+++ b/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bc9c33a0-b170-4580-be28-46c9e01822c8",
+ "id": "bundle--0c5fb729-ca4b-4052-8e41-c0286bfd69a2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json b/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json
index 73474a126c..298a0d4d22 100644
--- a/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json
+++ b/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c6d086ef-bde0-461f-98f9-2c8b182bc651",
+ "id": "bundle--123e28ae-28c0-4d9e-91a6-eabb3d018fed",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json b/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json
index 8412974d80..577d02253d 100644
--- a/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json
+++ b/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3a0a20f3-4f02-4231-9afa-0dc54737d654",
+ "id": "bundle--03667b45-10bd-4b7b-b380-d410be0c6052",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json b/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json
index f7d72df81a..96b91733b0 100644
--- a/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json
+++ b/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4f0adff5-5a18-4a2d-94b2-510fa55fd04f",
+ "id": "bundle--349e3722-fb8b-43b4-8f8e-5b7a60750461",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json b/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json
index 47e55c8113..be767b51de 100644
--- a/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json
+++ b/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a9488073-afa4-4ee9-860e-d31da47b8991",
+ "id": "bundle--a39eb1f1-0b88-4048-94f0-ed94bf17c69f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json b/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json
index 72c79f2feb..e20c1a2660 100644
--- a/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json
+++ b/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a8bfb70d-23e9-4d36-a91e-cc2015795387",
+ "id": "bundle--a72c2a02-2fe8-44ac-a308-9ccec2cec38d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json b/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json
index 9a9b9e5154..428a1ddc41 100644
--- a/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json
+++ b/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--aea0132d-f610-41f9-b239-afdd35492480",
+ "id": "bundle--918a7b3a-dd32-4bbd-a530-6034e9a9c915",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json b/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json
index 54271293f2..0387dfcba3 100644
--- a/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json
+++ b/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3b3cca93-f775-47c1-82ba-35bed42bd5c2",
+ "id": "bundle--158695d4-dce5-445a-a0a3-a866f4ebf6e3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json b/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json
index c65f2551f2..722252aa52 100644
--- a/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json
+++ b/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1b80d6d4-ece5-44a1-b5c2-e75f43d520da",
+ "id": "bundle--b17a24f7-7982-4e6f-9841-0e1258d6505c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json b/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json
index e4fce5a9ca..f40663e035 100644
--- a/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json
+++ b/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1f018b6a-cf5f-468b-9ef1-76ab091dd285",
+ "id": "bundle--bef7e11b-9c7d-4aa7-860a-25ac45595b1d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--55f12292-dc9d-4bfd-9de9-2d07cd67b044.json b/mobile-attack/relationship/relationship--55f12292-dc9d-4bfd-9de9-2d07cd67b044.json
index d32a4bea1f..a622d2bf49 100644
--- a/mobile-attack/relationship/relationship--55f12292-dc9d-4bfd-9de9-2d07cd67b044.json
+++ b/mobile-attack/relationship/relationship--55f12292-dc9d-4bfd-9de9-2d07cd67b044.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--af568b90-1427-4b22-96bd-956adb4ab331",
+ "id": "bundle--a981cccc-e9ae-4501-9adb-48373cd838aa",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json b/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json
index 022f4f71a5..d22ac8b63b 100644
--- a/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json
+++ b/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1c344845-52f5-48d7-a093-d965a8b169b3",
+ "id": "bundle--30decc15-ef69-4801-a6bd-547c2595c8e9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json b/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json
index b93ce5fff5..977f346e14 100644
--- a/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json
+++ b/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9e807818-6c58-4c9d-8a63-19f532b71016",
+ "id": "bundle--d37cea90-c15d-4c52-bd4d-be576a1134cc",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json b/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json
index 59bc5f7c93..607c11415e 100644
--- a/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json
+++ b/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e857b429-87b9-4c59-8418-94629cd1515b",
+ "id": "bundle--e6d930ff-ea7b-4588-ba52-f02149127966",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json b/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json
index 8fb49564c8..fac79d45e9 100644
--- a/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json
+++ b/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c0cc5912-e738-4734-8509-9aa1a84a6ffc",
+ "id": "bundle--78d20c5a-8a0b-4a8d-8d5e-105273d36950",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json b/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json
index 45a4059043..5f6a0f6286 100644
--- a/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json
+++ b/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d24efe63-6a0d-4b30-96e7-6cdd4fe7bd58",
+ "id": "bundle--24ef7db3-cc83-4396-ae10-cf3b45b2ced7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json b/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json
index 5da57e800e..b49e98b6f7 100644
--- a/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json
+++ b/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5cd26543-bc59-44af-82a0-dc7e8a95c5fd",
+ "id": "bundle--8b2fef3b-0bf7-4e99-8c33-6efd70727b45",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json b/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json
index 553c6c0f84..5252bc7266 100644
--- a/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json
+++ b/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ed4553cc-0023-486c-bcda-f02a7c130c43",
+ "id": "bundle--cd5d9552-b7f2-47f6-b5dc-3765b379afbe",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json b/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json
index 5a7834166b..92ac350cd7 100644
--- a/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json
+++ b/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--af7815bd-a222-4de0-bb49-4c7cd3b8589d",
+ "id": "bundle--575b94b8-a209-492c-a141-8a436bbfb810",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json b/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json
index 9072139a92..3fe7bd0636 100644
--- a/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json
+++ b/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0fe96ad9-cfe8-41a9-a644-9b7be7ad2434",
+ "id": "bundle--e399f6cd-0af6-42da-8b5c-1021018459f0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json b/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json
index 78a3121cf5..37186c5ed4 100644
--- a/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json
+++ b/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--dea53781-949b-4192-a06b-dddb2ecabb14",
+ "id": "bundle--10d083d2-459c-4b2a-a387-b6bc1d24dadc",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json b/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json
index 85c49831e9..8c1f47d256 100644
--- a/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json
+++ b/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--476acc0a-f438-4759-99b8-c89c57396a76",
+ "id": "bundle--6c5ba72c-0355-416c-97aa-6db28f7231a2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json b/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json
index 74076f8f40..b05b21ffcb 100644
--- a/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json
+++ b/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2eb5b589-7e0f-40e7-8cdf-ce2a32bde8ae",
+ "id": "bundle--8e45861c-4e92-4ef9-8f58-655d1f904514",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json b/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json
index ac87623ecd..e6d3953b6d 100644
--- a/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json
+++ b/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e325b575-f5c9-470f-a61d-c21914e72e39",
+ "id": "bundle--a4932e85-3960-4be3-845e-f5a55c8b639f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json b/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json
index 3d5221833a..a1e0dd082f 100644
--- a/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json
+++ b/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8954230d-9e07-4afa-a29b-82ffa76e8ebc",
+ "id": "bundle--4df31979-5350-4b39-9f90-0339d0ce2eb2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json b/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json
index 804484a0a0..faefabeeed 100644
--- a/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json
+++ b/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3d50b021-a2d3-42d7-94a1-cae00b1c1e7c",
+ "id": "bundle--1c2ca3a9-5f59-4792-af80-dc011bcef543",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json b/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json
index 37afead016..c77a08d53e 100644
--- a/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json
+++ b/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--94cf3102-a236-4657-a441-46f3f126dea3",
+ "id": "bundle--f8e21dd2-d8d6-451d-ba02-433b4e6d65d2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json b/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json
index f703e9af08..6079d0f258 100644
--- a/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json
+++ b/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b79582ca-63b1-4803-ab9e-8ee5006841da",
+ "id": "bundle--bdc071cc-b6c4-4c36-a056-cd721619bfc6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json b/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json
index e1d06e9f6a..3561c76eba 100644
--- a/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json
+++ b/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ff5bfe5a-944f-473f-926b-ccd06406ff94",
+ "id": "bundle--0d7e3ab3-e5c1-4b22-9de6-77867874e62b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json b/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json
index 75b0d2a727..9b8af4533b 100644
--- a/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json
+++ b/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--08632a77-6b27-43b6-af97-9b7361ae0437",
+ "id": "bundle--79df06b8-2109-4103-ad80-1ecd0d334515",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json b/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json
index a614af0f9b..6fca95aacf 100644
--- a/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json
+++ b/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--179a7f54-be7a-43c1-9c9f-b43c04d6d710",
+ "id": "bundle--b79f0577-520b-4941-b4dc-2af2e24494f2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json b/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json
index 16dc5d6978..0d628d63c5 100644
--- a/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json
+++ b/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bf751719-adcf-4c14-978f-2fb27848c8c5",
+ "id": "bundle--fc810d03-66c5-446c-b041-c79bb1917045",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json b/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json
index 43dbf396f1..7f61aa1823 100644
--- a/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json
+++ b/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7eb0d348-869f-4f92-ad36-b496e1598ac6",
+ "id": "bundle--df2e8213-eaea-4751-9221-704a4d41daf5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json b/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json
index 54cbca2a70..aa51849b54 100644
--- a/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json
+++ b/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fac85061-e3fe-4b28-ba1d-bd9d2e9ca690",
+ "id": "bundle--5285db05-3561-4a39-ac39-a491ad9c974d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json b/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json
index b1e8227af8..6ba3184992 100644
--- a/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json
+++ b/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--08304daa-f7b0-4e8f-8c13-ccf0076a61fe",
+ "id": "bundle--b08b1781-84fa-4569-ab0d-4c1dfbd1509a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json b/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json
index 688ee5f03e..01f5e1270a 100644
--- a/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json
+++ b/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9e2a6040-485a-442c-ba10-447b94c02a27",
+ "id": "bundle--07966d29-c194-47ba-aa19-dbee22c6d869",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json b/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json
index 692e350c21..2fe79bc5c4 100644
--- a/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json
+++ b/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--01032713-8a26-4301-9d94-c6a08389c708",
+ "id": "bundle--2e01c836-566e-4dd2-86ff-a1c38ec8072f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json b/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json
index d7d94fb5cf..ebe5a2cf1a 100644
--- a/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json
+++ b/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3b09022a-e39e-499c-b12a-986dfb13bb84",
+ "id": "bundle--dfee529c-29c0-4870-9277-d649b7abb8d4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json b/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json
index 016d04f7a0..f05f77f9af 100644
--- a/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json
+++ b/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7b312c3a-b5d4-4976-a6fe-06c842831e69",
+ "id": "bundle--da0ad2b2-565f-4052-9ff0-f65236447599",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json b/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json
index e46415ec8a..4caacedc2f 100644
--- a/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json
+++ b/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--51fced2b-2406-45e5-82a0-dfe5d2578b5b",
+ "id": "bundle--7949b27c-f437-4d73-b334-9c6f27500e31",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json b/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json
index 41408392b5..51231b7e0f 100644
--- a/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json
+++ b/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--11fd1afa-45f6-47db-bfa5-c149214306fe",
+ "id": "bundle--f443b465-5a27-4a68-a894-487efff05973",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json b/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json
index 91b07586bf..ea7cb850ac 100644
--- a/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json
+++ b/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ea191269-d7b8-4a5a-8893-4bec3994ad4b",
+ "id": "bundle--06bc6b08-a559-439b-bd10-98dd12510eb0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json b/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json
index 50b4867c2d..ef5759669e 100644
--- a/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json
+++ b/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--791e47ae-72f6-432c-bb27-91c7b85e5afd",
+ "id": "bundle--aaa3bf50-1023-4183-889b-e51aefc0cf62",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json b/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json
index 9b7b2c09cd..a24a02d431 100644
--- a/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json
+++ b/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9cdee0db-4efe-4b23-a32c-76eef7f53fdc",
+ "id": "bundle--6414989e-4d1a-4c58-9dca-9628e8ec4071",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json b/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json
index 3ef473e4cb..5d1ece9d99 100644
--- a/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json
+++ b/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--be8a7a37-6999-4c20-9a6f-13cdc0a5363b",
+ "id": "bundle--89872f55-8e12-44f1-acd8-fa5fde5516e9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json b/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json
index 08eef1a2bb..ba2ee10bcf 100644
--- a/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json
+++ b/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9c6b7465-ccd1-413a-922c-eec581f3e650",
+ "id": "bundle--f7e3d506-dd40-4fb0-bcf5-54a1c975e801",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json b/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json
index a3faec1bc0..3f02ca301f 100644
--- a/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json
+++ b/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2d779b03-8585-4abc-b588-8afb338d0323",
+ "id": "bundle--9c966487-52bd-4a15-95cf-6adac895f297",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json b/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json
index 5821084b09..ca4459116f 100644
--- a/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json
+++ b/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c506b15b-d517-4bc6-9731-c4272f2f092f",
+ "id": "bundle--d455124e-39ea-4a01-9fe6-7c75e1a95d5c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json b/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json
index a3396e98ee..c2eed38bf8 100644
--- a/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json
+++ b/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--65b7ff44-aa09-4301-98c6-7b0a3a6c699b",
+ "id": "bundle--7b7c8033-0d30-43fb-97d4-a8bc003afba1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json b/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json
index 8302c5b357..734957f363 100644
--- a/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json
+++ b/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--18589014-dfa4-4083-8625-24480542936b",
+ "id": "bundle--eb1a48c7-7a03-4935-bf2b-17618c1237a2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json b/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json
index 27ca1db920..4f7f8456fa 100644
--- a/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json
+++ b/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--91cf34fd-b74b-4d2a-8851-bd2633e7b32d",
+ "id": "bundle--db67707c-e77e-4b3f-b550-59c9ee540a51",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json b/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json
index 0a2cd3551e..337ffb6b24 100644
--- a/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json
+++ b/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5c9c13f5-cfc6-4edb-a3eb-c3ae0169d761",
+ "id": "bundle--9f9e2189-fd24-47d8-8d55-d9665d67ac76",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json b/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json
index 2d3facff67..b26925a9fc 100644
--- a/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json
+++ b/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--75552afd-6a17-4832-87aa-ef31db21494c",
+ "id": "bundle--9531985c-7b44-4e5c-aa6e-1a78653c07c6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json b/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json
index 094a6ff8e4..0e379af342 100644
--- a/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json
+++ b/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--cfcc414a-e92b-4411-bb12-64190ebcaf7c",
+ "id": "bundle--d8314574-d48e-4afe-897a-36a8d086623c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json b/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json
index a5f79dc5c4..63ac3bfed8 100644
--- a/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json
+++ b/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--77594191-55f8-4ddd-87f5-eeb5a0a40a16",
+ "id": "bundle--d86af4f4-67e9-4865-a848-19fa8b216b8c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json b/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json
index 6b355954f0..17ebfcfaf8 100644
--- a/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json
+++ b/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--55ebdd7d-12b1-41d5-bbaf-085a75526777",
+ "id": "bundle--b43cdfa1-ad40-41da-b7ec-b0b2e4892cb7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json b/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json
index 22ac35e58a..3fbe566f23 100644
--- a/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json
+++ b/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--59e6576a-6a89-4700-ab32-a7bae792b36f",
+ "id": "bundle--d13115fa-dc6c-4346-b6e4-27df3371b74f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json b/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json
index 5d775c5c48..09a7acde5a 100644
--- a/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json
+++ b/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e6228e7b-a01b-4a6e-8e5f-660d9c586f25",
+ "id": "bundle--8e7fec89-f192-4070-96aa-87afaf48f7f6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json b/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json
index 0dbc9d8641..ae6ca7b51a 100644
--- a/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json
+++ b/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--78dab4d6-0541-4ea0-877a-df725521c88d",
+ "id": "bundle--2b433412-911d-482c-b6a8-501e7de1486a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json b/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json
index de1f06b761..c28ad47fcb 100644
--- a/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json
+++ b/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--94b1a935-44c0-4496-83f4-1f53d0385352",
+ "id": "bundle--98837b4e-394d-44bd-89f1-e828a17b2361",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json b/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json
index f924f97d60..f3a1b55f42 100644
--- a/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json
+++ b/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2d20877a-b0f0-4195-babe-cc9a21e8c917",
+ "id": "bundle--415974de-0763-4268-b31a-cfc4d90c952f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json b/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json
index 303761a57f..43bcabd341 100644
--- a/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json
+++ b/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6d14b88a-e6f8-4203-a427-4b5e07045ef9",
+ "id": "bundle--59d3e2e8-7e53-4f81-8e42-2dce61ba3bc0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json b/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json
index feae828687..b45b44a2ce 100644
--- a/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json
+++ b/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4ffa9e4a-756b-47a2-9ae7-24692f3a7cbb",
+ "id": "bundle--ea3b2dc5-7b35-4e85-909b-ad5120329c9f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json b/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json
index 4ab010c040..113fed0b38 100644
--- a/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json
+++ b/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9654c3bb-62c7-4afa-ae8b-d3937982ef36",
+ "id": "bundle--8fdd0c99-c265-41b3-a083-031c0da26890",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json b/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json
index a2108bc304..84f56cb7ce 100644
--- a/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json
+++ b/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e108a48b-c767-41c8-ba2c-4cf7c94be35f",
+ "id": "bundle--d76b0dd7-cd14-46c2-800f-df2864dc2228",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json b/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json
index 418ba9383d..a4ee53417c 100644
--- a/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json
+++ b/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a141eab1-5291-4ce5-9485-981de15d9f06",
+ "id": "bundle--f22d79ca-2ff7-4aa8-a20d-a271d2e03e50",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json b/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json
index 2cdaf78cec..1f9c309284 100644
--- a/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json
+++ b/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ffe38cce-5f06-441c-a8f1-c5f49e78eac6",
+ "id": "bundle--b4e5f2b9-fc5c-4e17-9e70-dac3fef32c0e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json b/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json
index 95823a8c72..a4d3d95533 100644
--- a/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json
+++ b/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9aff5c26-f2f6-4a18-9f7b-60b0a6f935f5",
+ "id": "bundle--13c89953-2442-4755-a6fc-b36e6a89c8f4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json b/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json
index dc3f2f882d..a1501ede92 100644
--- a/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json
+++ b/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f1865b1c-8c0c-4fb5-9e2a-0baaeb6c22eb",
+ "id": "bundle--95e1c496-a96f-4a12-867b-01ac18b0ba51",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json b/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json
index caeb5e1969..1836c43fcc 100644
--- a/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json
+++ b/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fe9e27e8-5e3b-43d6-95d0-67b0449979e0",
+ "id": "bundle--18d40be2-5ed4-4d14-9427-3ea0b506c606",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json b/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json
index 809630e633..4dcc415e76 100644
--- a/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json
+++ b/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d8a95c9f-ea84-4647-bc12-ba2e6c0b0ff8",
+ "id": "bundle--f0c96e4c-0001-4f5d-961c-590897ad6598",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json b/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json
index dd6c63b174..9c6c4d6084 100644
--- a/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json
+++ b/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--df50e14b-d689-4ffc-9d8b-f8103be23d7d",
+ "id": "bundle--007fddcf-b80e-4724-a942-388199537f04",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json b/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json
index 3d7c2c976f..3cec61e97f 100644
--- a/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json
+++ b/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b7590905-5246-42c3-b488-6792d7a5a9a7",
+ "id": "bundle--132f4a80-434f-489b-8052-24d94e1832f0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json b/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json
index ba4bb65547..51d854992d 100644
--- a/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json
+++ b/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--87893730-6a9d-4121-9da6-c7331603d2cd",
+ "id": "bundle--d7b818db-c457-4742-9649-7841e214f5e4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json b/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json
index 101de09a4b..5c6ac428de 100644
--- a/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json
+++ b/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--283cd2bc-4b7f-45f2-ae8c-62ec4dc6f7b1",
+ "id": "bundle--84997d67-3157-4c3a-a684-f148161db347",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json b/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json
index fe85bb944e..3b9b57fc31 100644
--- a/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json
+++ b/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--170f3644-8fc9-4ac4-9aa4-4e6b64bf275a",
+ "id": "bundle--0c9ff0c9-ccdd-4eea-833d-5aabf7340a30",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json b/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json
index 0feb1cdf26..6770a2b04c 100644
--- a/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json
+++ b/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c920f4c4-3e28-4380-abbf-f8de2516b330",
+ "id": "bundle--b4278cd3-5978-4761-9754-ddba74134fdf",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json b/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json
index 16add067e7..c97f151e06 100644
--- a/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json
+++ b/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0c83947a-37ae-48db-8711-c10e931f1b24",
+ "id": "bundle--7cb33b82-eaed-47f1-a9c3-d52a151cdfcf",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json b/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json
index 6c88092d3d..e1a491c3e7 100644
--- a/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json
+++ b/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a96be036-ca7e-46dd-9821-9cec0f51234e",
+ "id": "bundle--f76d4c55-07ec-44ac-8518-9da1306ad1b7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json b/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json
index 3e46892bf3..a698cf9af4 100644
--- a/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json
+++ b/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--113c0950-ae56-467b-9e23-1576121b834e",
+ "id": "bundle--a5af0757-25cb-4006-94ea-2820b84990e7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json b/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json
index f9878d4bdb..f469c40521 100644
--- a/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json
+++ b/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e5acac00-c7c7-4a69-8560-f1a471723edc",
+ "id": "bundle--203dc0a3-b3c9-40b9-b49f-5b51ba3f53f1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json b/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json
index e5a0a3d410..3e71fdfd79 100644
--- a/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json
+++ b/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--91782b17-a6b1-4b0c-8dda-5b60c6673593",
+ "id": "bundle--6284b4a7-89b6-4dff-9d9f-39139b0b711e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json b/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json
index ba8f6df4aa..dd50bdc9e0 100644
--- a/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json
+++ b/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bf705397-c552-4d40-b045-34c78493e025",
+ "id": "bundle--db4e2b31-1946-4dea-9a73-8a8895aa63b5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json b/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json
index 2ec3b90211..045f746761 100644
--- a/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json
+++ b/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ca112f57-fbaa-45f7-8eb6-fcb6302f9d89",
+ "id": "bundle--1ecf18a7-7e83-45f1-a90b-00db58498f99",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json b/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json
index 5f5472d023..07646ae24c 100644
--- a/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json
+++ b/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--de574a32-b3f1-4331-bc87-d3313c5bea30",
+ "id": "bundle--cde0befc-d30e-4dc7-8f35-1a271c3405c5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json b/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json
index 26d3e07bf6..b9e8d1c400 100644
--- a/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json
+++ b/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--85c2167e-2c7e-46ae-8f3c-f95c5ea5cb1f",
+ "id": "bundle--f8d3aa24-4f0b-42c0-8bdd-570df242d91a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json b/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json
index b3a4cbb1ae..fc1bef609f 100644
--- a/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json
+++ b/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1d8cd5bd-d8a0-4e63-8167-dbe9369f6132",
+ "id": "bundle--22f04468-afe5-4648-975e-e281d2b9a6a4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json b/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json
index 0b2f98bd34..55ecafeb11 100644
--- a/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json
+++ b/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--574e8db0-c036-4629-858c-36f454324484",
+ "id": "bundle--853ebc65-89ec-4224-9105-88c394a3fe6c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json b/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json
index f33f762e1e..b5c8b84d0f 100644
--- a/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json
+++ b/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7c0c3db7-8fa5-4288-85a9-655d7f4a7ed4",
+ "id": "bundle--a2f20d96-b59f-41fc-bd2a-30b8e7ad7832",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json b/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json
index 737ece96d9..52703c0f33 100644
--- a/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json
+++ b/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2d2c93f1-ac08-45a9-aeed-993dcf2251cd",
+ "id": "bundle--91c84b51-2050-404b-b50a-dc8b99b324d6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json b/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json
index 267538c267..9f5627d89d 100644
--- a/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json
+++ b/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b430e609-f232-4e83-847d-fe4456e77dc7",
+ "id": "bundle--e9ae69c7-bfaa-474c-acb3-ddbd57a553ed",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json b/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json
index c58378f1e1..f9be3884c3 100644
--- a/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json
+++ b/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f3a8577f-1af0-4202-913e-254c81f6ee63",
+ "id": "bundle--0a93f8b1-d229-4112-b82b-e049cab78d3f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json b/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json
index 86d277d708..67f58eff5e 100644
--- a/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json
+++ b/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a6c9a80d-4217-45aa-acfb-2d10cfd15185",
+ "id": "bundle--7146ab8f-0e24-46a9-aa7f-99a3c4a33893",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json b/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json
index f3dff247bf..209d12fcd1 100644
--- a/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json
+++ b/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--73d15603-5fbf-40a9-9fd8-a5d4f8f2b0d0",
+ "id": "bundle--380662a9-9973-41e1-8990-71c6d56114eb",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json b/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json
index 92d28cc0f4..ffeb4cdadb 100644
--- a/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json
+++ b/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7e69b9e2-6522-4b0e-a1cf-7623968b3771",
+ "id": "bundle--74512b3d-9e80-4231-bd8c-ccf61494833b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json b/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json
index 6d66b410ae..e59dba7c06 100644
--- a/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json
+++ b/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8c6657ef-9c8c-4c02-8319-ca1f04624373",
+ "id": "bundle--f9acd1c4-0847-47d2-b996-a8cc7831cd7e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json b/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json
index 621e0f62d4..9db46097ae 100644
--- a/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json
+++ b/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--365d70da-3551-4c9d-806c-bba577194e90",
+ "id": "bundle--c2e4006f-180b-4190-b21e-3e7c1f0fc1aa",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json b/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json
index 9e44d0a74d..c70bf63139 100644
--- a/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json
+++ b/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--50cdd915-f954-4fa3-b042-f77ceeab8a46",
+ "id": "bundle--cc6606d0-96cc-452d-bf86-d4a95436b5da",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json b/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json
index a9d40647ad..588448c7b5 100644
--- a/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json
+++ b/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--66f374ab-4801-4ef9-b90f-0797bad6029d",
+ "id": "bundle--d0ecc961-2b26-4743-8990-b52077c38cfb",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json b/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json
index cfeea57b9a..54a2c28fee 100644
--- a/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json
+++ b/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f2d15a04-10fe-4ad3-86fe-db1b090dba09",
+ "id": "bundle--9a64dcea-643f-4704-b2e7-4f8337b5ef16",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json b/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json
index 7c516f94eb..871fc1d37f 100644
--- a/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json
+++ b/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8127cc69-3de1-4178-8b49-e030ecfe09ef",
+ "id": "bundle--ec85b71c-1aa0-423c-a184-671b3481eaba",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json b/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json
index ca7eb7ed9c..06dba30797 100644
--- a/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json
+++ b/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1f14a8fa-e686-4d91-8077-cb2321a9d8c7",
+ "id": "bundle--da852565-9b6e-4770-992d-1c448a44d54d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json b/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json
index 3920e4969a..4a09fd981e 100644
--- a/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json
+++ b/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--923dfb11-ac68-4f2d-892d-a83732987c1f",
+ "id": "bundle--0c7606f2-93af-4ff8-8048-900e36daff92",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json b/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json
index d0ee1e5261..dad1f1678d 100644
--- a/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json
+++ b/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e8bda063-79e4-4224-a368-67f02c19beac",
+ "id": "bundle--c1d415bc-0c02-4a82-af21-a479108f599e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json b/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json
index 25309f3eda..87a094a73f 100644
--- a/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json
+++ b/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--213a65e4-edd0-46e2-ac75-b657f73b01ac",
+ "id": "bundle--200142d9-27c2-41cd-8589-12b963d82be1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json b/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json
index 01625bff3c..fcc8e55f1e 100644
--- a/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json
+++ b/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--439c147f-790d-41ce-a4d8-39272a105032",
+ "id": "bundle--c440b339-8902-44ac-89cc-516226661e41",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json b/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json
index 2114567a7c..691caa8cef 100644
--- a/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json
+++ b/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--615da9fc-19eb-4d8f-a600-da15b3ac6b75",
+ "id": "bundle--53fbf1b0-5ee7-467d-8e83-7d102c9602fc",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json b/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json
index 9e91a459fe..eb13090829 100644
--- a/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json
+++ b/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a4c8f2fb-0687-4bbe-9a9a-533990eed70d",
+ "id": "bundle--bb3d5451-6769-4c36-b38d-113cb3b5ecb3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json b/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json
index 02897c0173..e704f601fb 100644
--- a/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json
+++ b/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bee2e677-f9bd-4c02-8d6f-71802bd93ccd",
+ "id": "bundle--49191850-d60f-4516-af44-cee9feaf033b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json b/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json
index f5d991a0d4..7dffe8c565 100644
--- a/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json
+++ b/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--593d3f22-51cf-42b6-b641-e73c1b6bca04",
+ "id": "bundle--0a90c8a0-1e09-44b3-b293-7b5c49078d60",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json b/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json
index c8a2149433..6e6a8c2746 100644
--- a/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json
+++ b/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9e2f127d-6954-4005-a343-13389736fd24",
+ "id": "bundle--965467c2-5026-4c40-a6f5-9098490c8088",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json b/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json
index ba080fff4b..a4985e5d64 100644
--- a/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json
+++ b/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b5d5dc3c-647d-4d94-8db0-704676ca3e7c",
+ "id": "bundle--cc0d8ec6-582e-4f6e-a367-bfe057ea445a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json b/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json
index 389cd8027a..a929aa76a7 100644
--- a/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json
+++ b/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3e46e5c4-e8d3-48ec-af6b-cda16118502f",
+ "id": "bundle--3cde1272-1556-4f57-ba3e-661ca8bdf04e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json b/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json
index 6712f21bf6..0a39675f0a 100644
--- a/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json
+++ b/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2d582bfe-faad-4770-bb22-9aa9aa6a1337",
+ "id": "bundle--831da70e-4615-43f6-ad62-aa4c2be0d3b9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json b/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json
index c4d2cc5aca..8f94cbe90d 100644
--- a/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json
+++ b/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1497dba2-91df-431b-9e1b-9bbcecc2a549",
+ "id": "bundle--58ad538e-1a9a-4e19-842e-93989d7c49b3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json b/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json
index 089a4cd077..59199919cc 100644
--- a/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json
+++ b/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d1017d1c-3f22-43f8-be11-2c42e9eba727",
+ "id": "bundle--4ec42073-702a-41d6-a418-341e424550f1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json b/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json
index 5311e57976..6e750a936d 100644
--- a/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json
+++ b/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5f1bf3b1-d8e3-4a80-9ee8-7f378a2dc13a",
+ "id": "bundle--d6a9b601-a1db-49cb-9cbc-0adcc6df358d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json b/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json
index 01293ecea0..67cae9c99d 100644
--- a/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json
+++ b/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2d586cb3-6de4-4e95-aacb-b22676ae3fd9",
+ "id": "bundle--fe4e9150-96c4-41a8-a5db-df1062ac1d80",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json b/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json
index d70026d384..23c025f034 100644
--- a/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json
+++ b/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6404cebf-6772-4ff5-822e-57b896956c77",
+ "id": "bundle--7f1286fb-38a2-48e2-9204-137263dab0b9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json b/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json
index 2b7e248462..1ac1ee457a 100644
--- a/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json
+++ b/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c7bf7554-4843-49e3-9901-645000824f96",
+ "id": "bundle--37e93d1e-edfd-4ade-bd90-4dc7ceb449c5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json b/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json
index f69550b341..ca4c214f57 100644
--- a/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json
+++ b/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e694fbce-3b65-4424-ac01-5a23901f09d3",
+ "id": "bundle--6ff4e79b-8d7b-4bf3-be31-42c0b8034422",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json b/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json
index 088231516d..953dd50bab 100644
--- a/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json
+++ b/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0f8e3968-6b0e-4977-b1a0-81aafb8a36e7",
+ "id": "bundle--ca2a8cd2-a7c6-4229-9eef-489e1807dcd4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json b/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json
index 9b499c3930..f484a5ed34 100644
--- a/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json
+++ b/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7df0753d-cb53-4b24-9534-0ab61531b74b",
+ "id": "bundle--1ac00156-3b41-4de8-ad20-301db626233a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json b/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json
index 41ddc9a1b3..68e29fee24 100644
--- a/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json
+++ b/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fc8cb840-7f52-4e9a-ad07-4af5e4aee052",
+ "id": "bundle--c1b8da8a-bdae-4661-b343-69006323b71a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json b/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json
index 453bcba6b2..3271fc306d 100644
--- a/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json
+++ b/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--64393c55-5034-4eb6-b7ef-dd6ba7d747f5",
+ "id": "bundle--40e64804-8b4f-4a35-b04b-d43eda2812ae",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json b/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json
index 0f8a36c166..ef8a616bc0 100644
--- a/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json
+++ b/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2899ce19-0602-456d-a602-846dde85e2cd",
+ "id": "bundle--6de4ae3e-7489-4e33-892a-b7ede3d74d32",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json b/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json
index a19711c139..291c2dcd74 100644
--- a/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json
+++ b/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4587bde1-f3c2-4aa0-8691-7be51780df8b",
+ "id": "bundle--94560257-3c37-4569-a155-ccbc7ac4781d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json b/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json
index 82ea9e93f3..801e62d126 100644
--- a/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json
+++ b/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--90a800b0-348a-484f-9ac8-427cf8f7c07f",
+ "id": "bundle--15cd0801-5cf5-4da4-9802-8f2e4b010a5b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json b/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json
index 3ad2699b52..e6fa72201b 100644
--- a/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json
+++ b/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1cc1068b-ba01-48f1-aefb-e7688161c02f",
+ "id": "bundle--17bc4cc7-ab5d-4d46-9e28-036812d5667d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json b/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json
index 576c7b92be..09dc639f37 100644
--- a/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json
+++ b/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b85dd6ba-0d07-45e3-9838-c90186f1f332",
+ "id": "bundle--c2b9a0c5-af65-4b3f-a4a9-7a9979c86c71",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json b/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json
index 4ad700c7ea..88831fc83b 100644
--- a/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json
+++ b/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ede19e43-667a-4457-921d-1b9c68f0e4b6",
+ "id": "bundle--5aedb0d3-1f9e-4bcc-8277-dec0d8950100",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json b/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json
index 6989396c90..8a6cfffc9d 100644
--- a/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json
+++ b/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6e80072b-9c91-415e-b5ec-23b1d52f8cb2",
+ "id": "bundle--44036b73-e10f-43d7-92ba-059eef1eab78",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json b/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json
index 28d326c3d3..622e0fc131 100644
--- a/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json
+++ b/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5ed2d7bf-0512-49f6-9244-1fb3c577d422",
+ "id": "bundle--2d12ff5e-8428-42c7-90c8-b2b5251a875e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json b/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json
index 5a6e5fcc37..a196e628bb 100644
--- a/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json
+++ b/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6e5a0977-4731-49cc-b827-2b143afb1f77",
+ "id": "bundle--99773dda-43cf-4b19-a7d2-de9bc4313b56",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json b/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json
index 58f36d0de0..214cfdcde3 100644
--- a/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json
+++ b/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--efdf3a07-afa5-4b0e-a77b-83e51c1ce864",
+ "id": "bundle--64c2e368-3c1e-4684-a0aa-8fad3bded9ca",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json b/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json
index ec8a644148..bf2e2a3242 100644
--- a/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json
+++ b/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1591f2f5-0377-4ad5-b1ca-25d3aa0e2f37",
+ "id": "bundle--d381aedf-b95a-4c0a-9d94-8f1a117dbdaf",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json b/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json
index d2e74968af..32783f7aaa 100644
--- a/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json
+++ b/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--746ecca1-dbf6-49fa-aced-0adde1f8129d",
+ "id": "bundle--a2f20e2d-5f22-4c48-a2f5-5c27bf228c83",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json b/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json
index d1b8db70f6..a82fd45d78 100644
--- a/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json
+++ b/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2a28e41d-2c89-4c3f-8d69-6b8dfe1a2372",
+ "id": "bundle--d7a154a2-e5e4-452c-8c0a-0ddcedb312f8",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json b/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json
index bee4446d8c..a79ffe2fc9 100644
--- a/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json
+++ b/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0ce228f2-a3e1-40e5-bfda-d620634e2bc6",
+ "id": "bundle--f86d6650-f32e-4cec-be08-e9f7719badb5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json b/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json
index 6819b318b7..914ef9f0eb 100644
--- a/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json
+++ b/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5942ef28-cac9-41cc-868e-82c78a0feb18",
+ "id": "bundle--68f1aeb1-3c02-4b3b-86ca-e5c1f9fa32da",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json b/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json
index 466dce159f..7eae0451a8 100644
--- a/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json
+++ b/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ef3c20d9-c4cf-42ba-983c-619116a7d773",
+ "id": "bundle--f3c6013c-19ab-488e-a354-de48b7615910",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json b/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json
index 3b4b0ff0f8..1d8f90f40b 100644
--- a/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json
+++ b/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fc7a0a6f-5302-4e50-a174-dd37f88a754e",
+ "id": "bundle--4bfb2554-1eae-489b-9e7e-3dd915d30a2e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json b/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json
index 99ebae11f3..1224793c03 100644
--- a/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json
+++ b/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8bf48858-21f2-4cd5-bb14-45f3a1abc3bd",
+ "id": "bundle--a2db31ea-bc20-4b03-8492-14523045733b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json b/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json
index 3f550a7714..45ecd4b35d 100644
--- a/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json
+++ b/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1600a714-f29d-4f72-8b0a-d5725ff6940e",
+ "id": "bundle--1dcd4538-f4e4-4561-b5b6-fbd23ed73198",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json b/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json
index aaa30297d2..17ed795698 100644
--- a/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json
+++ b/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--21d3c478-2606-40a2-82d7-e8b7c8a3a718",
+ "id": "bundle--40a06579-6926-4f3d-958c-40f09ad52253",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json b/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json
index a3b1f9ba40..74b037cb70 100644
--- a/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json
+++ b/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2258c51b-2e92-4228-9cab-386f2a5d2a85",
+ "id": "bundle--e81138b6-b39d-416b-9dfb-49dbf0f1f33a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json b/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json
index c10b6f29c6..d0798fb8d7 100644
--- a/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json
+++ b/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a1dc5ecb-0076-4386-b5df-478776530f0d", + "id": "bundle--4a9e61a1-cfee-43f6-99c3-3ceb7d214017", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json b/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json index 056e0ade1c..31b2523434 100644 --- a/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json +++ b/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ae3a1c75-c57c-4d0b-b253-35cd3555a6f3", + "id": "bundle--54205ee7-0761-4934-a617-c45ab27d5cd0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json b/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json index 52a80a72bc..003ea632f6 100644 --- a/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json +++ b/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--77ccf5bd-a809-4039-a4f1-c8543f340698", + "id": "bundle--33ac30a9-6d7a-47d3-a90f-0163b69b0213", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json b/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json index b255f49fe0..6e26992822 100644 --- a/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json +++ b/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f02edd80-9fae-4813-8f98-c36e7a8d5bdc", + "id": "bundle--4f2341cc-611b-4157-a56d-977e4edf0ac9", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json b/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json index f0f0d5b1e3..4979c5f09f 100644 --- a/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json +++ b/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bebc7937-faab-4e1d-bfa5-51517655399d", + "id": "bundle--137fbc97-8427-4e1d-901f-15d0a6c5eeef", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json b/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json index 327eff2420..ce1016564f 100644 --- a/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json +++ b/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--89884eda-c738-4cb6-b9df-c41e5fccf084", + "id": "bundle--a82e0589-e2a1-4cf0-b388-aee66c8ceb72", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json b/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json index c48af7f2b4..33afad6d19 100644 --- a/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json +++ b/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6679de43-6a10-4609-96a1-a734e8e971b0", + "id": "bundle--f81f1e8b-e57c-4299-955b-ab5135db9de8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json b/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json index 2775c24d9b..d91f9c7725 100644 
--- a/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json +++ b/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e2ec1757-d0e6-45d1-b5ab-84f0ee8aec74", + "id": "bundle--2c8e751f-5048-41ba-8c06-76a3262c6713", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json b/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json index 6e944c87d1..bf1e709d14 100644 --- a/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json +++ b/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c4dcb832-8aea-40b2-ba00-a538fb82041c", + "id": "bundle--f8b8dcd1-7072-495a-8289-d5e90fd9f25f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json b/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json index fe971a3e12..0bbb1b85f8 100644 --- a/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json +++ b/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6b42d415-0061-4af3-ab1a-f2c3585f79b5", + "id": "bundle--edbf6d4e-cc22-4a42-bba1-652cc5f45856", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json b/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json index 1bce4109ca..05b37b6ce1 100644 --- a/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json +++ b/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bebd438a-b2b3-4563-9293-12d053efa128", + "id": "bundle--979ebfd2-d819-42a0-be1c-2e1dfeb5040f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json b/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json index 8d48076ffe..e7a5269519 100644 --- a/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json +++ b/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--106a8327-73c2-4ea7-95c6-4426684dd7fd", + "id": "bundle--3259dd8a-8a10-4ecc-88a5-71396a8535bd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json b/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json index a408034004..b4e8e58a2f 100644 --- a/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json +++ b/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6820f2d4-d630-4ea1-9130-caddc20114ee", + "id": "bundle--323dcb38-c560-4798-bba0-b1289bbb4f6a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json b/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json index 99780977d2..d54ccf9164 100644 --- a/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json +++ b/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2697525f-6a4a-4a05-b9c7-6d36be20095c", + "id": "bundle--c2786f82-8bd4-4da1-9342-162176ff49d2", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json b/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json index 78a4fa86b5..3b96d6a208 100644 --- a/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json +++ b/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dd95ad37-dadc-4599-8b47-35279446e6e5", + "id": "bundle--9dd7bb09-e261-4dbb-8ee6-047ee212a0c5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json b/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json index 3e2ddeed31..c79ba6aeea 100644 --- a/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json +++ b/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e5132e9d-04fd-48bf-b9d2-892fd7cc7db3", + "id": "bundle--7d23f73e-6dbd-4b6f-ac92-9d8815bbf8be", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json b/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json index f035f40169..4ce6c27c83 100644 --- a/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json +++ b/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5f19613c-daa0-4d90-9690-df38129ba764", + "id": "bundle--a4ce1f35-dffe-481f-8ea5-40b3b0bc21ee", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json b/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json index 4eab70b2df..28791ac2e7 100644 
--- a/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json +++ b/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--04263c5f-1937-4664-89a9-365e2e2e14d9", + "id": "bundle--f254ae6f-ffb0-4c8a-a1b6-ec308ca8f9cc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json b/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json index 7f6093185d..c9af8b93d3 100644 --- a/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json +++ b/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ee8c29f0-561f-4b94-93ee-8a47828737d4", + "id": "bundle--aeaf23f0-51a0-4cd6-94ba-601924f78c13", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json b/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json index 90dde278f3..5c521eac96 100644 --- a/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json +++ b/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--612960a4-bf86-46ba-8d63-692ff1880835", + "id": "bundle--872c17d4-3592-47de-b50e-0c2d4a16a02e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json b/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json index f4362d33ca..cba0a8db8e 100644 --- a/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json +++ b/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--49c661d7-15f8-412d-9069-42beea3c6c00", + "id": "bundle--6133cbc2-8d2e-4560-a481-a7ffb2826ceb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json b/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json index 7dca18efa3..beb8021946 100644 --- a/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json +++ b/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8c557378-d21e-4873-b837-1b4ac73c9337", + "id": "bundle--93c56112-6248-47e0-862a-1c22d6682cc5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json b/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json index 2450ff394c..d475091974 100644 --- a/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json +++ b/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--70c44784-2972-40cf-975d-61ebae2341ec", + "id": "bundle--87400691-8225-4f20-93bb-8062f2f6e055", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json b/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json index 5553d3c181..4b11c7753e 100644 --- a/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json +++ b/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--45d36d31-4122-4ee8-9d40-d197773d88cf", + "id": "bundle--817b70e0-d888-4b28-b903-862fdbea21fa", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json b/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json index d6f557812a..1a957fee94 100644 --- a/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json +++ b/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--154f52cb-1a1c-483d-9537-3f27cefd5cba", + "id": "bundle--79134c98-6dd8-4930-8d17-d12679d72f69", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json b/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json index e2a806a8fe..e31deefe63 100644 --- a/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json +++ b/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--31687409-8795-4cc5-85f4-8adb7e54c844", + "id": "bundle--12ce893d-b5e9-4aa3-8881-12d8b4d957c4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json b/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json index 70ceac8d75..f20e726a9b 100644 --- a/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json +++ b/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0461f763-1bf3-408f-8c58-a388e06c8142", + "id": "bundle--4483ef9b-ec96-4baa-8c57-f02b9c510c27", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json b/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json index 39c607a292..0b8c6a6409 100644 
--- a/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json +++ b/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--84d4e0c3-e140-4bfd-9b6f-3c318db5b6f2", + "id": "bundle--20488e42-89e2-4ccd-8006-055ca933b348", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json b/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json index de324f4d50..183a521be8 100644 --- a/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json +++ b/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--617114cd-09c9-4160-a871-830671b82912", + "id": "bundle--8bb0bb2a-a4a6-4199-b850-32fd9fd17572", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json b/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json index 6ad1cc1157..32ae45725f 100644 --- a/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json +++ b/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--77884336-a1b9-405a-aaab-fece6aa74da2", + "id": "bundle--203f913d-bc68-4cc1-9457-395359ad22c6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json b/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json index 6c5463d650..5f80e2f475 100644 --- a/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json +++ b/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--43ae8765-6584-47c5-986d-aa6a5f24dd6d", + "id": "bundle--b1a23db9-b5f2-4e16-a2c4-4edb567a458a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json b/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json index e6ebdf1b20..0c6446201c 100644 --- a/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json +++ b/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--340fd841-f9b7-49cd-bbf5-b393950df7ae", + "id": "bundle--05cdf0b6-29ab-424e-8f86-e18d96146ff0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json b/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json index 4dc71ba6f1..4983874290 100644 --- a/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json +++ b/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6c5e8b5f-d1e5-47d9-a57b-3124b6cd8872", + "id": "bundle--7b7ce4f0-a2fd-4452-a354-a147bf9d7c7a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json b/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json index 3a805c0fea..657c30d0e6 100644 --- a/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json +++ b/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d2b94e1c-2490-4938-a20a-ab3d00e2740f", + "id": "bundle--07fc17cc-4f93-41d6-9bfe-191d8acd3863", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json b/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json index 5ab34df0a9..d665b2cf56 100644 --- a/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json +++ b/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--74ffb643-b8fe-4e96-8a23-3a07306ee16f", + "id": "bundle--76f7072f-856a-4464-86ba-c6f94120f293", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json b/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json index ebb8ba39ef..2ac22b3451 100644 --- a/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json +++ b/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d29e6552-e974-408e-879b-330b9af024ec", + "id": "bundle--213e4920-eea9-45d9-9c1e-ac53a4bbe6c7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json b/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json index d82d1dd4a4..8e3ba79e66 100644 --- a/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json +++ b/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2c4a50f5-946a-43b4-a7a6-e4c345fb56cc", + "id": "bundle--f7ccfb23-e3e2-4465-9c3e-f7b6469b3555", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json b/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json index 7cf65991ba..6d032eb75d 100644 
--- a/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json +++ b/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ef71bb68-7d0a-4eee-b2ae-8216240b6652", + "id": "bundle--f06c9a0f-5850-4454-9e8a-e2e48d6ffb6e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json b/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json index 9f25b14201..0bada9836d 100644 --- a/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json +++ b/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b8631e70-246e-4d6f-a2d5-4d910f68685b", + "id": "bundle--6f7ef119-a276-4a4e-9432-391c12719fee", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json b/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json index 429c88c001..656081b584 100644 --- a/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json +++ b/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ebca3187-579c-4900-80ae-b6580a32aa7b", + "id": "bundle--e2cadd42-d285-464c-8533-28668526cf9a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json b/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json index 36ecccd025..36769026f5 100644 --- a/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json +++ b/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f7b8321c-dd51-44ec-b7ff-5bfa069237f3", + "id": "bundle--eb89f281-7eb1-4d83-af0e-081862913dae", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json b/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json index e3181c719b..c9930af137 100644 --- a/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json +++ b/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ea88a538-09d7-4418-a5ef-38fd316a6597", + "id": "bundle--0a412b92-07d8-4e50-a176-6ee15a092560", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json b/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json index 746e94a906..aa1a77b0e7 100644 --- a/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json +++ b/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--57d97505-efd2-4e7f-a6c0-62ee2087bc17", + "id": "bundle--bd698d6e-9894-4dc0-9353-ebd1a06ec50e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json b/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json index 1ce0163480..e3c57da66d 100644 --- a/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json +++ b/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bbe7ceaa-24dc-4d20-b646-89544be0a7f3", + "id": "bundle--3ee9a8e0-232d-4802-8bf8-6bb3b439008f", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json b/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json index 91ad517239..26a66836f1 100644 --- a/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json +++ b/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5b486a12-b7a4-4cd2-ae6c-aca475ff0978", + "id": "bundle--655068f9-b37a-49a3-b320-86b0807dae0e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json b/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json index 2cb0fd08c7..f0aad100d9 100644 --- a/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json +++ b/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6d82f066-ea96-4299-ab1d-0cd98be2376d", + "id": "bundle--474cf3e6-5bc0-413f-9a63-2ba4a0d5af04", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json b/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json index 44eabb0be4..1bdd38625c 100644 --- a/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json +++ b/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--70ae9c00-344d-4e36-a76e-59dfcd603101", + "id": "bundle--7281757c-8546-4866-b3b1-2650f8f714d5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json b/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json index bf021a6365..bfc2d5b0a5 100644 
--- a/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json +++ b/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--57455611-37cb-4b20-a210-cfb2f430aad6", + "id": "bundle--b13d2e12-c226-4fdd-9101-c5ec8775711d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json b/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json index 5b9d11d674..d3193e1947 100644 --- a/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json +++ b/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b2809e70-0d5a-4130-9a5e-11d11144e0fc", + "id": "bundle--73b85186-af87-4c58-bc6e-8f6a0901db9e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json b/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json index 18891d9574..a084681dc4 100644 --- a/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json +++ b/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4a59acd9-01b9-4e63-b530-b82a8fca96d1", + "id": "bundle--995f8016-8c98-4bd0-afd3-ab77057d9af1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json b/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json index ff03c524c4..2ae1d6ed34 100644 --- a/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json +++ b/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--98e32ec8-d814-4b36-8807-8385003051e7", + "id": "bundle--5aa51c63-e9a7-46ea-b24f-bc551d1211ea", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json b/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json index f6c519b853..c9b92959ec 100644 --- a/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json +++ b/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--975e315b-0116-485b-8d9f-650fd529f661", + "id": "bundle--a601d1ec-30a5-4a6f-be1c-1159ca8d9c23", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json b/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json index 0134c323c7..9e7f299205 100644 --- a/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json +++ b/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--aad508ee-9aec-4de8-b972-2093cae85e9b", + "id": "bundle--bdf16fee-a11c-4c7b-a4a3-590fee21713c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json b/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json index 04a150b41d..1485c3661a 100644 --- a/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json +++ b/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--11e88f81-b433-43c2-a4a2-ed6ac0a03f14", + "id": "bundle--dbb4f4cd-bb16-4d7a-9c6d-1d77d9d982a0", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json b/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json index a7465612c9..86c694249a 100644 --- a/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json +++ b/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9f01401b-6074-49a2-902f-a3eb8db55f30", + "id": "bundle--9fee31e7-fdf8-4635-96fd-1db79ac37be3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json b/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json index f3d9c72ec9..533bd9ca22 100644 --- a/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json +++ b/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1687eb3d-76e7-4239-ae96-18f8ee39fe95", + "id": "bundle--7d1eca42-93d0-4ead-91cb-5a89fe15331a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json b/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json index bf7f2e020d..5ea8a352c0 100644 --- a/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json +++ b/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ad6caf4a-f700-4734-9bdc-cecace8d6b9c", + "id": "bundle--b329c5ae-4ed3-4c77-b0bc-73b2a2d49f40", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json b/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json index 7a63073b92..494a4308aa 100644 
--- a/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json +++ b/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9eb18288-0f28-4a5b-9106-d24101c6d800", + "id": "bundle--72317172-e412-4906-8afc-248b8bdca888", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json b/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json index 84cd720418..41cdcbc424 100644 --- a/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json +++ b/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7921f84e-aa9c-41d5-8f48-241dd970419f", + "id": "bundle--76a00943-dc05-4d92-bb1e-307f018ffc00", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json b/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json index 736686c8f3..decfa6b42d 100644 --- a/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json +++ b/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7faed0fd-5599-4a7a-b3c0-cb60cfc74dd7", + "id": "bundle--6c06f8a8-e349-4532-868c-121342647c8f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json b/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json index fb747343db..1d78427b74 100644 --- a/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json +++ b/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json 
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fd7b7980-7c39-4e7c-951e-616f48624555",
+ "id": "bundle--7fe2bcc5-ec71-4483-bb18-f07ba51273fe",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json b/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json
index 72dc99206f..047b94b61b 100644
--- a/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json
+++ b/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1d149196-4760-485d-920b-9004eeb48dda",
+ "id": "bundle--bbf872ff-e200-40e0-9e74-0a1d081cf9a3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json b/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json
index 36f3f86006..c1e9813556 100644
--- a/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json
+++ b/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--98ec71fc-fb52-428c-afd6-60d6a0fcce6b",
+ "id": "bundle--2bc24e52-c1e5-46f7-82f3-c32186dd8590",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json b/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json
index 0737672530..2f28d2fc67 100644
--- a/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json
+++ b/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b29ef9f3-f6c9-4f5c-ad3a-65e67f78d523",
+ "id": "bundle--52169988-fbb3-41d2-b0b2-dcc02bc0f593",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json b/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json
index 7e0e4eea56..e85dcba09c 100644
--- a/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json
+++ b/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2b180ed9-fe97-48c2-b505-b5239271d789",
+ "id": "bundle--adf6847e-f122-49ef-9ffa-9b48e579fbf6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json b/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json
index 037be936a7..2b15aca7bf 100644
--- a/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json
+++ b/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fddff35c-d8a5-4270-ba2d-c560f3cfe82d",
+ "id": "bundle--e5234a9d-e964-4453-a9d6-26e094651d08",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json b/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json
index 07997f1f32..b81d485068 100644
--- a/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json
+++ b/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e16e621f-dd42-4be8-91de-c10e1955b58d",
+ "id": "bundle--dfbe9a96-1df3-4ad7-9b0e-9733033a13d7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json b/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json
index 55ae555d0a..ba196b938f 100644
--- a/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json
+++ b/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4fcd2beb-e31b-4156-a58d-d0ebdb604a31",
+ "id": "bundle--84b71bb2-582f-4384-9ac9-a313ac26c2ce",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json b/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json
index de18980568..23560dac7f 100644
--- a/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json
+++ b/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2540d1e9-0750-4bdc-b532-fd504551cae8",
+ "id": "bundle--d6c25944-feb0-428b-9dbf-f0a320619352",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json b/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json
index 6dc2648d93..411bdf8003 100644
--- a/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json
+++ b/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9c25d82c-1457-4c85-9c20-cea16597cbc8",
+ "id": "bundle--424b3dd8-f64a-4bf7-a925-2d78bf3d3268",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json b/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json
index 99ebb46e8f..fcad3f77ed 100644
--- a/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json
+++ b/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6b0f16c2-028b-429d-be11-ff3d00592b46",
+ "id": "bundle--10656351-20c7-4174-8970-e018cfb4934c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json b/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json
index b3ba2501e2..46d3c29ae4 100644
--- a/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json
+++ b/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e2980e32-2a2f-438d-a0e4-3e7056e5fd47",
+ "id": "bundle--59a645cf-bd8c-43e4-bea3-79c0a5b7be4a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json b/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json
index c8c4004957..e04aadade6 100644
--- a/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json
+++ b/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a1d84d88-c74c-4fd8-ba7c-0bad21f9eb1d",
+ "id": "bundle--ee5c7701-eebb-407e-9603-f503d0d355b1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json b/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json
index 26d55eff54..7083895f2e 100644
--- a/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json
+++ b/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e3735aef-ac14-46b5-8b16-2b3a127ee74c",
+ "id": "bundle--35066da5-22c6-48f4-aad8-cee27f48e511",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json b/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json
index e6eec1a6de..ff5fc8ca24 100644
--- a/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json
+++ b/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b4053339-e348-4b3b-b78a-49a24c9fa0cb",
+ "id": "bundle--b4a0709c-976c-4f77-8fa8-01cfe534159e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json b/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json
index 08dc82da8d..4e9e0a0c09 100644
--- a/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json
+++ b/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9d9cbcd2-da27-4227-8e5f-61781e429ea4",
+ "id": "bundle--96cdc540-f35c-4c86-a0b3-c29ce2b05e10",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json b/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json
index 40fc57fd12..161a00c72a 100644
--- a/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json
+++ b/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--def800fe-9436-4d2c-bd13-b7b07f5c7a1c",
+ "id": "bundle--18cba0b8-82de-442d-b766-b6ef60fb6fac",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json b/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json
index 77bf795ba5..e02bed5a09 100644
--- a/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json
+++ b/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4232954a-5325-4870-bbfd-1d40996499fb",
+ "id": "bundle--463a5e68-357e-49c2-9737-da1cbdd4241b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json b/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json
index 4603aae4eb..d6c3599348 100644
--- a/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json
+++ b/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6e82a5e6-2398-4cc7-9569-5e76c3ee1119",
+ "id": "bundle--5ee863f0-1069-4c0b-9a6e-6f4a14e83834",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json b/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json
index 01bc29dedf..a504f093bb 100644
--- a/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json
+++ b/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--25a1f2f9-ab62-4233-8799-4e4a8c563ba8",
+ "id": "bundle--2c874c3c-828c-437a-9fc1-fe3798ce79b0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json b/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json
index 370c90b4b2..65c7e8fa61 100644
--- a/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json
+++ b/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e9a5df3f-7afe-4ac5-932b-cd97b509d1ca",
+ "id": "bundle--7e5586a4-6c95-4554-bfd4-339a36023b66",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json b/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json
index fcfbecf96c..0ee5e0eb82 100644
--- a/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json
+++ b/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8da6fdb3-4c4b-4efc-8e59-5b28a2619228",
+ "id": "bundle--191cadc9-d9a6-455b-9fa4-8e659f3e5abe",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json b/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json
index a649541f95..75816eee23 100644
--- a/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json
+++ b/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--01bcf7a8-34b6-430a-9298-8388cb1fd493",
+ "id": "bundle--90bea966-fd05-4b3f-b33c-87494699b15a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json b/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json
index 5780fe9157..1c22901acd 100644
--- a/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json
+++ b/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9c47c1f6-480f-4f92-9880-a04df8939585",
+ "id": "bundle--0e834058-e699-45fe-8338-53c22b1d391d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json b/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json
index 59b393a420..3be012e48a 100644
--- a/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json
+++ b/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--55479d4f-6d55-405b-b7c3-fcc44e413f79",
+ "id": "bundle--0effa48d-466f-4feb-a7c6-114fa2fdf2d5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json b/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json
index c22e06f870..b2f86f0835 100644
--- a/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json
+++ b/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--61befa3f-ddc7-4d08-b56a-a158ae149eb9",
+ "id": "bundle--d397b743-caea-4aac-97e6-a84ca6dfe0e5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json b/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json
index cf413a594d..31945d849d 100644
--- a/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json
+++ b/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6873209a-04ac-47e5-b4e3-fc78414aa1f1",
+ "id": "bundle--d10c5624-2ded-4762-9e5d-dd60f435678f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json b/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json
index 47a99bb3cd..dc3191904b 100644
--- a/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json
+++ b/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--275caf27-fda2-488a-8405-70feddc27482",
+ "id": "bundle--53ca00a3-eb7a-44de-8562-04930acfe084",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json b/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json
index ad6f95ea2a..93ab1789b9 100644
--- a/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json
+++ b/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3e427696-1e30-4b04-9120-153b2cd8c631",
+ "id": "bundle--0b909f56-a3b3-419d-826e-a71c4f7ac474",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json b/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json
index 1af708b57a..f1136ee724 100644
--- a/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json
+++ b/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9f90f11b-c1fd-46fe-bf8a-56eff09b6199",
+ "id": "bundle--ca6b66a9-cba1-4f64-a554-d8364b9cdf6b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json b/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json
index df624ed470..289aa2e3d1 100644
--- a/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json
+++ b/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fd58963b-d392-4200-8481-ac2aeb93c7f0",
+ "id": "bundle--f4483aa3-762d-4821-bc94-47b0fcb2ec0a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json b/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json
index c6af7b21fc..14e6d1a25c 100644
--- a/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json
+++ b/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4e4fa3e4-131d-4e98-96b0-59a52cefd652",
+ "id": "bundle--34b9a3dc-5b31-4b72-a967-a0a0877716dc",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json b/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json
index 3cdb99f2ec..a05fe903f6 100644
--- a/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json
+++ b/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--22490af5-8675-4f40-90c5-de36cb119f8b",
+ "id": "bundle--25cd3d34-da82-4edc-9bd5-598d43d0036c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json b/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json
index b44c1ed87d..a3d8109fcb 100644
--- a/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json
+++ b/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--64a172d5-9200-4ffe-a8ae-df0e50c18da1",
+ "id": "bundle--a962a428-0cb6-4e26-b8ed-bb0b0ae4df90",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json b/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json
index 268e967b8c..83e47dcd38 100644
--- a/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json
+++ b/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--48327be9-ade7-4692-a88c-91aa1352e378",
+ "id": "bundle--4ae7fd1e-4920-435b-a745-5764a31c9925",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json b/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json
index 3560537b90..5df04aebfa 100644
--- a/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json
+++ b/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--486e78ba-3bbf-4a96-97f4-60298c98c7bb",
+ "id": "bundle--0378f497-939f-4fec-afa3-83760064d9c1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json b/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json
index 83fc58bfa8..fd8b4872dd 100644
--- a/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json
+++ b/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d63de8eb-da58-46e0-a5a0-fe5ba4ff415d",
+ "id": "bundle--6b96d1a8-2c3a-407d-817e-35294acc1cb8",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json b/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json
index 229bb79264..6b3b31a446 100644
--- a/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json
+++ b/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--18f15f5c-209d-4996-91f8-8cb8d72a0709",
+ "id": "bundle--2a946667-2ba2-44a8-b09b-d52943ecd079",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json b/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json
index 5f0351db3b..b7e326a6c1 100644
--- a/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json
+++ b/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--35b0838c-5f99-4a06-b0f3-dc895e464855",
+ "id": "bundle--6c0eb14e-b7b0-430c-b946-8d10158cac63",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json b/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json
index 4f48499267..a5f54325e3 100644
--- a/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json
+++ b/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--835e8cd9-2bc7-430a-b846-50edf36a17ce",
+ "id": "bundle--af0ebae5-4c97-4c44-b47d-87950e0aa2d3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json b/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json
index f9ba4ac38f..7c1e01b71f 100644
--- a/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json
+++ b/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3e6c3aae-270d-4a43-8965-afd0d8a0804c",
+ "id": "bundle--6e4c330a-ef5c-497e-9770-95c5c0377a3f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json b/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json
index 1383c9eecd..732cca5af5 100644
--- a/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json
+++ b/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--18f5a8a0-73fa-4e71-9395-2302f951ba74",
+ "id": "bundle--02d8ddac-538f-4acd-9d85-bee64327ebf8",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json b/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json
index ae8c90c062..7683dc58a5 100644
--- a/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json
+++ b/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--45a9bf37-5f13-4b58-b2d0-26cd67012f47",
+ "id": "bundle--f5ee6c33-7f24-479f-8517-656aaf74b014",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json b/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json
index 934da3139e..d16bfe57ea 100644
--- a/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json
+++ b/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3ce47c61-390c-4b56-aa28-17578a3aa012",
+ "id": "bundle--42908e01-e1ba-494b-b8d7-0ed898681f8b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json b/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json
index 37cbd45c13..81f74d196b 100644
--- a/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json
+++ b/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d14e025e-09ed-41e2-b9c1-6348129b2891",
+ "id": "bundle--2e98208f-d264-463e-9f6b-05fb043128b2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json b/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json
index 1199abf3e8..acf5474476 100644
--- a/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json
+++ b/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f3c1908f-0f8e-4d95-bb58-7936b42f9ba6",
+ "id": "bundle--f58e6467-ed74-4577-a531-ce95b65e46d0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json b/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json
index 3af6d97540..e5e9e922ea 100644
--- a/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json
+++ b/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d2273cb9-9eec-4c48-bef0-6fdde7d1b221",
+ "id": "bundle--6c9af37a-8186-4e25-a93b-333628d1572c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json b/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json
index 8c234c4bd8..3c0f256a91 100644
--- a/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json
+++ b/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--11a83dbc-41bf-4dec-8ef1-1ce84e43dd48",
+ "id": "bundle--cdbd0018-a74f-45e5-b745-a0ae8cd48c8e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json b/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json
index bce3257ce4..69a5f61305 100644
--- a/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json
+++ b/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--44f13b42-b250-4e55-92a2-9ed385f9e359",
+ "id": "bundle--f81c746b-1cbd-433d-aa8a-b8f979dc4a2e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json b/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json
index f51824b7c4..ad67c8a543 100644
--- a/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json
+++ b/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bb2ca5d1-92c8-4b49-8be6-696aaed78f19",
+ "id": "bundle--a6c6a39e-a8c4-46d6-a481-1e1bc6a63fc4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json b/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json
index 534392b23e..8d611a0dc0 100644
--- a/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json
+++ b/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3a007b23-47fc-4810-a7f8-7495d1bcaf84",
+ "id": "bundle--30a6bba9-bc8d-4813-b600-5b6bdfa131c9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json b/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json
index 07d7def38a..c562efb4e9 100644
--- a/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json
+++ b/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4216c11c-d5a9-40e4-9f7c-9ab9b96fe42e",
+ "id": "bundle--ebcf4c7b-a31f-4273-b2ca-78ff974ccf80",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json b/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json
index 8520500a8c..4413dc8a11 100644
--- a/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json
+++ b/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8087f683-0abf-4ea6-8a4f-0b421bf965af",
+ "id": "bundle--5b53448d-9b82-4ec7-8751-d756fb4d980b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json b/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json
index 8fdc403782..2fdb188c5a 100644
--- a/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json
+++ b/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d5358d57-c0d9-4ca6-9566-08030dd5fbcc",
+ "id": "bundle--96c3a8a4-2bc0-4d2d-b3d2-5fb1aa89c6c7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31.json b/mobile-attack/relationship/relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31.json
new file mode 100644
index 0000000000..1846757612
--- /dev/null
+++ b/mobile-attack/relationship/relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--67da30c9-e55e-4d9f-b1c6-61da6ee84e5a",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31",
+ "created": "2022-09-29T20:11:55.474Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Cylance Dust Storm",
+ "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
+ "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2022-09-30T18:39:16.003Z",
+ "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of enumerating specific files on the infected devices.(Citation: Cylance Dust Storm)",
+ "relationship_type": "uses",
+ "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
+ "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json b/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json
index a818c18e24..f11e5624b9 100644
--- a/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json
+++ b/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b719d211-f929-48ea-917d-371b6ed5da4c",
+ "id": "bundle--e5796333-ff9c-425a-9212-786a226137fe",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json b/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json
index d39e3d8563..c815c95908 100644
--- a/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json
+++ b/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--90ff6e60-48a5-4ff9-8bc4-1e749f1757aa",
+ "id": "bundle--f5d24076-d0ef-4e39-93fc-5e4c227fff31",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json b/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json
index 9b80da7136..55b5b1f3a8 100644
--- a/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json
+++ b/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d3865c21-95d5-47e8-87a3-23b52d1c5c11",
+ "id": "bundle--3cbbfc5c-110d-4284-89fb-4855fa3b1ce1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json b/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json
index 9dd9943004..479a24c21f 100644
--- a/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json
+++ b/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d27c563d-6047-4caa-badb-17159b01be2b",
+ "id": "bundle--c5a8009c-a4cb-4c0b-a500-eb612ef56294",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json b/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json
index 374bf1c322..7e70a88a65 100644
--- a/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json
+++ b/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--112f6080-7b1d-405f-b2e7-21af216b7cbd",
+ "id": "bundle--4618fe71-cfe7-465d-ae6e-c0a2d11993f9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json b/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json
index 83304e5fb2..f1615d7bef 100644
--- a/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json
+++ b/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--061f1261-8b0b-40c7-9d8a-4bf3af3b4f38",
+ "id": "bundle--b099925e-6407-4a10-b887-d2f2b728656f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json b/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json
index e58fdade3d..6d9fedaa35 100644
--- a/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json
+++ b/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f8babc8b-7b55-448d-bb57-aea95d8ed958",
+ "id": "bundle--ea120c7b-6124-4928-9e11-d9348c65454c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json b/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json
index 66d94118f4..262ffbf5dc 100644
--- a/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json
+++ b/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--54dc1b98-e6ad-4ce9-bef9-58cf6cef65ab",
+ "id": "bundle--7ab874d4-f5aa-4eac-a47d-5b2d7d9bbba1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json b/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json
index 0d01f6ed50..26b04fd033 100644
--- a/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json
+++ b/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--cea202fd-29d0-4925-9623-3814290e58e1",
+ "id": "bundle--0e801de8-48a8-4d57-a3c2-679150cfb20a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json b/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json
index 54b80c8c28..16a685903a 100644
--- a/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json
+++ b/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4edd8ba3-12f2-4cba-ac14-275e9c75513c",
+ "id": "bundle--b521307b-8e44-4f3b-b133-a4bc79835179",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json b/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json
index 3bf17c4739..90a153f75e 100644
--- a/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json
+++ b/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a2a70f6a-3acb-4445-af4d-875e1fc2b7bd",
+ "id": "bundle--593f4015-f1b2-4567-8647-9a81340b6b51",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json b/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json
index fd6697c237..dcff39f8fa 100644
--- a/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json
+++ b/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--10c3bbb4-4f58-42f3-a792-6f231bd14098",
+ "id": "bundle--b4dd6c45-4050-4ff0-af54-eb0a73dda101",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json b/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json
index 3ed83ad1fa..46347ade9f 100644
--- a/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json
+++ b/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--704a2648-bdd4-4aec-8bc1-915d6771207c",
+ "id": "bundle--87d77a03-244a-4212-af85-bae4bdc8f439",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json b/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json
index f545946bad..53196053e3 100644
--- a/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json
+++ b/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d2168a33-b3c8-423d-8776-233a4b836969",
+ "id": "bundle--ac09ca9b-583c-405f-a143-e3c951170efa",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json b/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json
index 95886d3f4c..30771c4413 100644
--- a/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json
+++ b/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--da560807-6510-42b0-9aeb-887221aa4345",
+ "id": "bundle--20b789ef-1fd6-40df-ae5e-120802af8760",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json b/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json
index 1690c40dfd..5c5c6bc627 100644
--- a/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json
+++ b/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a49bf7bc-6b6b-4a4b-906f-ef2dc93d5f95",
+ "id": "bundle--0a31646f-bdf7-4212-8a49-0bf494c86a5e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json b/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json
index 5a2717e75c..76de63b866 100644
--- a/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json
+++ b/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b237563e-e24a-442b-809d-a6d9d7a4c7be",
+ "id": "bundle--1888e957-2beb-4c51-8839-b6049e969c76",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json b/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json
index fab1fba1c3..b0d6ce2bc9 100644
--- a/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json
+++ b/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a5694a8f-ae18-4fd3-920a-11348d37bbb0",
+ "id": "bundle--3834c3a5-bf63-4c96-8585-d666d7078b31",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json b/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json
index b73348be8c..af12e9fb4f 100644
--- a/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json
+++ b/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4aa96948-8c00-429b-a646-7fef756223b1",
+ "id": "bundle--2e9ce00d-d875-4120-8e92-9c8436571241",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json b/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json
index c829afee72..568450b641 100644
--- a/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json
+++ b/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7bc415bb-5caf-41d7-92ef-0e1356a154ca",
+ "id": "bundle--4d399385-e280-4d06-96ae-7c167052453d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json b/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json
index 166130d8f7..2c6860ebc8 100644
--- a/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json
+++ b/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4edf2a71-5203-438c-b798-ee1949a802f2",
+ "id": "bundle--d5dc589c-7d89-4eb8-b356-d6131e76a2a9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json b/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json
index c5a9a30cd2..589e8b8e80 100644
--- a/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json
+++ b/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b59e3c26-59fe-44dc-8af5-21539f9381c0",
+ "id": "bundle--aaf268e5-796d-42aa-a35b-24ce98316303",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json b/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json
index 7e812d7b02..dc319ecc4a 100644
--- a/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json
+++ b/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--eeef1b7a-4497-482e-ac4d-28e8bfdbc2c4",
+ "id": "bundle--5f45968f-558d-421d-b84e-4637f91abc0e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json b/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json
index 653068b602..3f4a391cf8 100644
--- a/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json
+++ b/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--12b0037c-8c18-47f9-abff-f0ff6df0e7ae",
+ "id": "bundle--5da51d63-f51c-45dd-8439-257664f89b31",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json b/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json
index 3ef11b17f0..d6470afa5c 100644
--- a/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json
+++ b/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--861fbc30-63eb-4639-bd53-1dbaf9244cd8",
+ "id": "bundle--7ede9e3c-721f-4dd5-9413-daf5a3971b71",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json b/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json
index 112ea220f7..6c398b8c87 100644
--- a/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json
+++ b/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b32a48ea-c361-41eb-a20a-e1fecd1eff39",
+ "id": "bundle--55cb18ce-e9f7-477a-9a89-025c2f1ebdc2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json b/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json
index b61a920bca..3986c9f08a 100644
--- a/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json
+++ b/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4c7f6e19-1031-4cad-bb00-b999bc0e48a1",
+ "id": "bundle--cbb0f879-9cc4-4fb6-a807-90842ee7f576",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json b/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json
index 853a96514d..8ce64a602c 100644
--- a/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json
+++ b/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d1315111-2a77-41ce-af3f-ccff072a1046",
+ "id": "bundle--4b835aba-7e66-4a96-8d0d-1362d6c53d77",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json b/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json
index 7c00be5355..71da7c6501 100644
--- a/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json
+++ b/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9d7b51fe-6bad-43e2-a3e6-6367c4496e1c",
+ "id": "bundle--2fc7bb4d-6917-430e-855e-1bdea537aa55",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json b/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json
index 38c997a08e..b5fb00eeb9 100644
--- a/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json
+++ b/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--28bf51c6-13c7-4b2e-a745-ccb6e54d5a14",
+ "id": "bundle--fbc34a51-25a0-4092-b581-dc69413acf0e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json b/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json
index 8fa312e450..98a05fc81d 100644
--- a/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json
+++ b/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a40a2d4d-a00f-4e66-b2b6-10b31af19ede",
+ "id": "bundle--a2d4f15d-8dde-42b1-abb8-c562226c349d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json b/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json
index 1de4d32b92..cca3bcc50b 100644
--- a/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json
+++ b/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a4833156-f3bc-4546-a14e-25ff3e17173c",
+ "id": "bundle--06009f80-d45b-4b28-ba02-c2777636e0f0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json b/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json
index af74deda52..cc6dc5ea54 100644
--- a/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json
+++ b/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6b41de55-2789-427e-a133-64bf04ccaaed",
+ "id": "bundle--ec2c621b-5576-49cd-8fa2-f984b9e4761f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json b/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json
index 139061af9c..24aee27afd 100644
--- a/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json
+++ b/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f6d56356-6d4e-4f8a-94f0-762879ad23ea",
+ "id": "bundle--5c3417a6-58a8-41da-a3a7-f30be0803d98",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json b/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json
index be6ebbea31..1577c77818 100644
--- a/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json
+++ b/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9ce7a9ab-b22f-42c6-af3d-7fa801f390a1",
+ "id": "bundle--7ba2729f-b09e-4c25-bd48-eb3839404971",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json b/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json
index 814023bcf0..ee2ba20b25 100644
--- a/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json
+++ b/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--91e40191-ede6-44ab-9c1c-cf80c03c4df0",
+ "id": "bundle--6ceb902a-8668-4aa2-a0e1-36d1e7539fe5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json b/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json
index bedc6ed1ef..ea3934b6ee 100644
--- a/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json
+++ b/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f7f71a36-cbe8-4e42-8ed4-b9755beafebc",
+ "id": "bundle--e4924314-a4eb-481e-bf86-480ae0bbf346",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json b/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json
index caa8803366..69df0dcf22 100644
--- a/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json
+++ b/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0bc3cf05-d989-418d-bc61-03214ea445c1",
+ "id": "bundle--cd93ed04-00ee-4e99-b955-09e2f09234be",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json b/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json
index 1c98ec1005..cc45e437b0 100644
--- a/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json
+++ b/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--176450bf-4733-4234-956c-613ae62632c4",
+ "id": "bundle--309ea3e7-4d9b-4d10-9fac-305f4511f646",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json b/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json
index 42c82a76ef..0c9d007339 100644
--- a/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json
+++ b/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--776ff735-be39-4da0-8736-184a35897d95",
+ "id": "bundle--5edc90be-76a2-4f13-aefe-d2c3ce7887f3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json b/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json
index 50b58c6623..5ae43ed884 100644
--- a/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json
+++ b/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f13ddcda-8413-440d-9e1d-5aeabe63785f",
+ "id": "bundle--61e62760-1ff5-42c3-a6cc-178455db8256",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json b/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json
index e5359e5315..0d24b15a1b 100644
--- a/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json
+++ b/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--604efcb2-6938-48a4-82eb-0ad6cfce69d3",
+ "id": "bundle--270ff280-b771-4012-8030-641522beda3a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json b/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json
index f534313a5f..3d63a8e12e 100644
--- a/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json
+++ b/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--97452990-8b4c-4324-9a05-cf3819e58c29",
+ "id": "bundle--a97869bd-68b8-4b58-9df3-b0ed431b0679",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json b/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json
index 41ed4a9625..7144184492 100644
--- a/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json
+++ b/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6f172c4d-fac4-4a24-a422-8b271d63d04d",
+ "id": "bundle--3d25a69e-5492-4704-95e4-67b4df3e9e87",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json b/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json
index 35edadcf5a..90eb10c34e 100644
--- a/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json
+++ b/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--386622b8-9d6f-485c-9bab-b7f243f90648",
+ "id": "bundle--aaea92f0-03d3-4b10-940c-b186a082a9d1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json b/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json
index 7ab6cb65cd..a04b6da2a1 100644
--- a/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json
+++ b/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ba1a2dab-9400-4e34-a064-62ba1cf0ba84",
+ "id": "bundle--b2b73f8e-222f-4560-882f-3acf8dfc4257",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json b/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json
index 8852ca5860..4a2454a479 100644
--- a/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json
+++ b/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a3cd86f8-c572-4c6d-b139-689842e3328c",
+ "id": "bundle--7923f498-af5d-4523-95bd-4d632a001f01",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json b/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json
index 241e3a8bb5..9b01feebf6 100644
--- a/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json
+++ b/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ef8e2f21-7867-4a37-8968-33b79692c24b",
+ "id": "bundle--948e1214-e0d0-4354-9731-769ee90f3fb8",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json b/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json
index 04985e934a..72e655ab55 100644
--- a/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json
+++ b/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0ef81113-9605-4709-a280-6aab8e6e83af",
+ "id": "bundle--0faf1a9d-9f9d-46b9-bb55-4e35b645a61a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json b/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json
index 9d9037076c..db2c9e779d 100644
--- a/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json
+++ b/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--55b86f2c-f12e-4e73-b49d-25a67ad8e004",
+ "id": "bundle--d3a5e2a4-1d19-493a-a54b-9dc12693cc0b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json b/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json
index 969508c5d7..a053406034 100644
--- a/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json
+++ b/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8809c085-f5ec-4441-95f9-c0f8cf2599eb",
+ "id": "bundle--70ecde28-4b35-4539-883b-ac4537f62405",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json b/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json
index ded5ed0d88..57794b0d99 100644
--- a/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json
+++ b/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7e728c92-0ba4-4c24-a715-af2d6171b428",
+ "id": "bundle--0454d860-97f0-4324-936d-70c959a11e53",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json b/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json
index 8aafe01de7..aa25875514 100644
--- a/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json
+++ b/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--69a03e0f-d859-4f54-b508-c6fd80f2e1e8",
+ "id": "bundle--2cd7a5fa-def0-4254-8775-cc830d617d97",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json b/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json
index 16b9f05641..856cb6f570 100644
--- a/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json
+++ b/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ac41c6c1-3a16-4e67-8fa1-42158026bb6b",
+ "id": "bundle--0b330acb-4e99-4d6f-98e6-ab56eadc5297",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json b/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json
index 708314d5ea..5a2e027143 100644
--- a/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json
+++ b/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a8d55153-c289-4ee0-8df3-4d84ded6113e",
+ "id": "bundle--899e490b-a3b8-4c22-9b5a-792a858be2f7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json b/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json
index 02190aa80d..04894f71da 100644
--- a/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json
+++ b/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f15b2848-3623-4866-8498-ee38c0d02ea9",
+ "id": "bundle--11a3ea33-6b3b-4307-a1f0-b548867c5f9e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json b/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json
index 095b699d7d..00695e1edc 100644
--- a/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json
+++ b/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f14ed37c-c9e0-46d4-8849-aede6fd452bc",
+ "id": "bundle--c2e2b6a4-cf30-4638-9cbc-d813c3af556c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json b/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json
index a638bb5aa0..9f36372f09 100644
--- a/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json
+++ b/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6b06dfe1-1931-4c16-9365-bfecc45ffe9c",
+ "id": "bundle--e722296d-3ae0-49e3-a0c8-58d049516f55",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json b/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json
index bfee7ebc94..7b13ca8881 100644
--- a/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json
+++ b/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1493657b-1e73-41cd-ab8a-f50b85f19540",
+ "id": "bundle--03f1ea48-7661-41d2-965b-301944e0cce2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json b/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json
index d67cec78ba..ab9406acdc 100644
--- a/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json
+++ b/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4a505bff-4b68-4b61-b464-2d477d9d9144",
+ "id": "bundle--107b4958-a356-4d6e-823c-e55b8f07ad85",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json b/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json
index 674f782908..0b1faa072a 100644
--- a/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json
+++ b/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--664b5be9-cc1f-444c-91cc-0067f3916fe1",
+ "id": "bundle--1b5af35c-f5b7-449c-87e3-d7865ea43367",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json b/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json
index da3dbdd93b..c7216d9f97 100644
--- a/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json
+++ b/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f6d8e038-9c60-427c-8289-4ac5b2820806",
+ "id": "bundle--92939c3e-70e5-4715-bba1-0258facd750f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json b/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json
index 4630521d08..6b0be0b2db 100644
--- a/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json
+++ b/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e986b685-f6e0-4faf-a150-95dee24815dd",
+ "id": "bundle--df647ac0-1083-4c34-9ff3-b9a4684cb00e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json b/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json
index 41cc3b80b1..95deb01641 100644
--- a/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json
+++ b/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c8555130-bae7-4300-9b6b-5ca809369ee2",
+ "id": "bundle--216e861c-eaf4-4643-9580-f94f660c1d8a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json b/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json
index 64ad4113e9..83baca6994 100644
--- a/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json
+++ b/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--63e23393-7245-4b8c-8897-30b0ff59a1d8",
+ "id": "bundle--8ccac259-9193-421d-b223-35a6b0765932",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json b/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json
index 58d0f56a48..539f2e14b9 100644
--- a/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json
+++ b/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8df3a2cb-1eb2-4ce9-afb1-a8d4bc0d2715",
+ "id": "bundle--611f7bf2-b972-4229-88ba-5421bafd086e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json b/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json
index 8703c6cb8f..92100a7fdf 100644
--- a/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json
+++ b/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0b4f5744-ad6c-4514-8665-0067b44533a1",
+ "id": "bundle--82d96ce6-0c7a-4678-8e85-8b44e2176953",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json b/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json
index 07535baf25..70f6d77b33 100644
--- a/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json
+++ b/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--58bb7b13-3c27-42e5-a29d-de726f2d97bc",
+ "id": "bundle--80365e06-0cf4-4bf2-b7d9-9c9c956178ec",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json b/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json
index 7c347fccfe..a4eb6533db 100644
--- a/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json
+++ b/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b9af0fe5-3f29-4a83-91fe-31f03d3d3d50",
+ "id": "bundle--f058bef2-afbb-48da-93c2-72ccc0c3d0f3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json b/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json
index 410d1de2c7..0a587d81b4 100644
--- a/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json
+++ b/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ddfa2d54-3bf4-4253-9534-2e746d3eb6a1",
+ "id": "bundle--0cfc68fa-17d5-42d9-8b31-87c82191cd6a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json b/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json
index 82ec2c2a30..fd80c90f6d 100644
--- a/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json
+++ b/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--28ce3e98-c5f6-4cc9-8a02-1e4525a5a69c",
+ "id": "bundle--da19d08a-7a5b-4a5b-a9f6-3c7d7f8fa78a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json b/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json
index d1cd6cb463..b65c6ed49c 100644
--- a/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json
+++ b/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--81a94ef3-ac2f-4b94-a3eb-af2a839d6c37",
+ "id": "bundle--6f7cf9fc-c742-4d61-9319-8c0877a9c7ee",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json b/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json
index 3faeb165d8..328b46a203 100644
--- a/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json
+++ b/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--49eab57b-8846-475a-873c-15b5a90e5312",
+ "id": "bundle--0a079bbd-5adf-4db1-ba2d-5d98ede3f977",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json b/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json
index 7e8f0b8dcf..1b1263f4c9 100644
--- a/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json
+++ b/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4cddcfca-245f-488e-803e-c818ca2df01c",
+ "id": "bundle--d195d9c0-f6c0-4dc9-9c6a-fc9a28a1f038",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json b/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json
index 478dc8fd4a..726a70ebc8 100644
--- a/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json
+++ b/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--75fcb96a-f695-4b83-b90b-232e3a1dc40d",
+ "id": "bundle--1da937e9-67a2-42cb-9f53-55592ae6f074",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json b/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json
index 743f6d8c1a..77e288ae27 100644
--- a/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json
+++ b/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--21605545-4487-4521-9ef6-4b84ff033244",
+ "id": "bundle--f701d07a-cca2-4927-913a-247cd6776e10",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json b/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json
index 226bf90d77..3a1f28979a 100644
--- a/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json
+++ b/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--cc2960ee-03b9-4976-8a8a-59137d0aaa15",
+ "id": "bundle--f560b752-6903-44d3-9223-2575781f64ad",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json b/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json
index 15550b70b0..b507d6edbb 100644
--- a/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json
+++ b/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8058f433-d035-43c7-97f4-c4c7e593ffeb",
+ "id": "bundle--ab56db23-64b3-432c-96e0-6be7a9b9964d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json b/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json
index 5271dbf6ac..13991c4833 100644
--- a/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json
+++ b/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--064a87e1-d9e7-4029-b030-01cc10cf048f",
+ "id": "bundle--e9084222-af6f-4925-97da-8f4d7ef8f7f1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json b/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json
index 95ec420729..e8cdf78637 100644
--- a/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json
+++ b/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c9c60e77-3d08-4935-a6d1-309863b1b885",
+ "id": "bundle--9dca9b49-a713-4c14-afe0-62b6d1b46f6a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json b/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json
index 4d4bb4f79d..1f2e3b8b2c 100644
--- a/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json
+++ b/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--53dca6e5-1192-4f1d-870a-fdf14223e970",
+ "id": "bundle--f9fb226f-da6d-4618-9d5c-ae5908a527c0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json b/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json
index 3bec666887..d53528b5e3 100644
--- a/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json
+++ b/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--727af242-57e9-4257-a95a-81260b6f3b20",
+ "id": "bundle--70663f37-289d-469d-af65-38dd7991fb50",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json b/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json
index 3d324457bc..cbc0f27bad 100644
--- a/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json
+++ b/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--46f2fd96-7cd1-4cb2-a980-461d5756c334",
+ "id": "bundle--ade37369-3114-43fe-9713-7540c175a418",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json b/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json
index 1321c0a21c..af680471f4 100644
--- a/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json
+++ b/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--da0495ef-a1ce-411f-b615-a647487d129a",
+ "id": "bundle--4c4b662d-73af-4c19-a253-b9fd72b5530f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json b/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json
index b470dac930..0182200a47 100644
--- a/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json
+++ b/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--19369467-0629-4368-898b-5d41f37e79ed",
+ "id": "bundle--6eea40af-7ae2-49bb-b287-faf4c8655d91",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json b/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json
index 9ee73ea7cc..a62be9e422 100644
--- a/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json
+++ b/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--acfba767-916b-4089-8b6e-30eed4606df2",
+ "id": "bundle--219a7fb1-e2b8-47ef-999b-28e2ee8f8654",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json b/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json
index dcde05ded2..1a75d8cbd8 100644
--- a/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json
+++ b/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8b731733-7784-474f-a473-76ed22693317",
+ "id": "bundle--39c158be-34c0-4b66-aa67-e1230b287635",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json b/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json
index 4be1ab5573..460ee77b28 100644
--- a/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json
+++ b/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6e00f40e-6cc4-49a0-bd6e-7f1651c7444c",
+ "id": "bundle--2ce3d0e4-12ed-4a00-b484-ebf4b41f45a2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json b/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json
index 39c811d2d1..dc6780f0ea 100644
--- a/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json
+++ b/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--23020ff0-246e-4a62-bcf9-98a2a32770c6",
+ "id": "bundle--e05bb150-e5e2-4cbe-85f4-530484da1eab",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json b/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json
index 9313de9f31..a11a04f79b 100644
--- a/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json
+++ b/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6f0bbf6c-3f2a-47bf-ae84-61f0bd29732a",
+ "id": "bundle--cb7fee73-733e-4592-9b32-ee64daee55ea",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ac523dfb-36be-4402-acf2-abe98e183eef.json b/mobile-attack/relationship/relationship--ac523dfb-36be-4402-acf2-abe98e183eef.json
index b107d4be3d..8e45bfec22 100644
--- a/mobile-attack/relationship/relationship--ac523dfb-36be-4402-acf2-abe98e183eef.json
+++ b/mobile-attack/relationship/relationship--ac523dfb-36be-4402-acf2-abe98e183eef.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e24f6b1c-3fe4-48c6-aff7-7c2aa9ba51a6",
+ "id": "bundle--32a3c414-0337-4e2e-a7c5-5b0bb06cbdaf",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json b/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json
index e2969b8467..6586496fc6 100644
--- a/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json
+++ b/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ba80ca94-edc4-4b23-bfa4-6dbf002a05fe",
+ "id": "bundle--d89391a9-159a-4145-95bc-d580e5e547fb",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json b/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json
index 31a4d0dc42..f49befc62e 100644
--- a/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json
+++ b/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a1d8264e-5d64-4892-9b92-5dfbbd425066",
+ "id": "bundle--0d1755cf-de49-4269-a4bd-8f3c7d3216fa",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json b/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json
index 759e701dba..55f5bff01a 100644
--- a/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json
+++ b/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--898a9899-387e-4e8a-925a-e5f9a191d546",
+ "id": "bundle--59e1f392-e027-4f6b-bc7e-a4bf45fd175e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json b/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json
index fcb68e5443..6f5917dfeb 100644
--- a/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json
+++ b/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3fb3de16-55ff-4639-bb44-ac2e56aa89a1",
+ "id": "bundle--4b969d6f-fe32-4f5d-84a2-f50b319ba14f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json b/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json
index 5deffafc49..1f3c67d56e 100644
--- a/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json
+++ b/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ea34936a-d82a-40aa-b365-cb3b73d4088f",
+ "id": "bundle--6fdf5adc-765c-45bb-86eb-b2b2bd30f2a9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json b/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json
index faf0c01c6c..81f4a10e49 100644
--- a/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json
+++ b/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--922820f5-7d56-4c68-a1f7-8c86b7c99ba2",
+ "id": "bundle--706e36d9-dd19-48ef-a14a-43d049213423",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json b/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json
index 6a28e27433..8fd18c4beb 100644
--- a/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json
+++ b/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--31b524bb-731d-43e7-853c-709492a4fd72",
+ "id": "bundle--5bae0c5d-d24a-4da0-88f9-15bd3365fbb4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json b/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json
index 52c19b52af..fe8090aa40 100644
--- a/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json
+++ b/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2be1801c-8397-42c4-ab54-5f2b37f91e5c",
+ "id": "bundle--6546a85c-527b-462d-99f6-9bcc577f3dc1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json b/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json
index 4c230463d9..2f2b789abb 100644
--- a/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json
+++ b/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fafb7ebc-9ead-49cb-9fa8-ddcb193bdc94",
+ "id": "bundle--70a30d85-450e-4b82-bdca-563deb57f9c5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json b/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json
index e00c10c4f9..5e4a9d8fce 100644
--- a/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json
+++ b/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--26c5b9b5-099f-43fc-9b70-80c6c0b2cc9b",
+ "id": "bundle--3a8a1f1e-5b48-464e-a0f8-322c5aa5b1a9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json b/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json
index 06cd70b9a4..6cdbd1eedd 100644
--- a/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json
+++ b/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8768f361-4433-43aa-b573-d67ac6acf1a9",
+ "id": "bundle--451ebaa6-5a2a-419d-889b-def053957e62",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json b/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json
index 276c097692..f768ba787a 100644
--- a/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json
+++ b/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9e58e9ec-c637-496b-8025-8eb159ecaa83",
+ "id": "bundle--a3e7cce6-8ac3-4e7e-9793-fef3b65c619e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json b/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json
index 473fdc7360..191b4fd145 100644
--- a/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json
+++ b/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7dbe8e8e-0d88-4588-a518-9c9ba4bf52e5",
+ "id": "bundle--bb0daf96-3ec0-4543-b221-1d58d31e7d63",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json b/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json
index 4cc36ba849..9ffa046360 100644
--- a/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json
+++ b/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fc5a8a98-9ae4-438f-8e75-3cc6fe88be92",
+ "id": "bundle--7420917d-ac33-420d-b6f6-b78b468d9496",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json b/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json
index 12039be9d5..2980b3b2d1 100644
--- a/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json
+++ b/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7ac2db39-a9de-4685-9248-7e195c56aa8c",
+ "id": "bundle--6b18b1c2-d355-4b3d-b3d4-28703642172f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json b/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json
index 06b12668a4..d37c4980bb 100644
--- a/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json
+++ b/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--236243ce-0b70-449b-b8b4-a89db2336a27",
+ "id": "bundle--5d1c26c6-da70-4250-ad09-0363545a111a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json b/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json
index be6318e771..6d8615f119 100644
--- a/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json
+++ b/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5b840ef8-734a-44c5-99c2-a587ba2f8fcd",
+ "id": "bundle--a91091b9-4098-49ca-bc2a-3f0514b4d312",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json b/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json
index 34136405bc..fdf6e01830 100644
--- a/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json
+++ b/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8adb6a91-5033-4185-b67b-60d9ad4c4ab1",
+ "id": "bundle--231f50bf-6d7a-442b-a3fe-69c5a64cc408",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json b/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json
index 87000e160f..abfb36e057 100644
--- a/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json
+++ b/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ba4f118c-2faa-4a0f-89c5-61ddf06d7818",
+ "id": "bundle--edbd1e4b-91cc-4136-8cdc-cef760ed83ce",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json b/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json
index fe27bcb826..d25d2f83ea 100644
--- a/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json
+++ b/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d122ade6-7870-4fc4-a9fa-80df7fb22257",
+ "id": "bundle--f1ddc972-b3c6-4230-bd2e-439f04b46320",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json b/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json
index 4cc50abbad..06685020d2 100644
--- a/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json
+++ b/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--cf584ebf-cf17-4ef1-8aea-e15ad1de40b0",
+ "id": "bundle--f30b9ad2-7b17-498a-a944-7f96d92f2dce",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json b/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json
index 44d06ac0fc..4a93a0ea98 100644
--- a/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json
+++ b/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f1e7e734-0e5c-4975-b7aa-5d324d0d5bcf",
+ "id": "bundle--aee2ea45-ffba-4c79-8e1f-fc5c92bf4a97",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json b/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json
index 9a2b5c04c3..312a39ca56 100644
--- a/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json
+++ b/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5af12012-a90a-4f66-8d36-8d990871e9d6",
+ "id": "bundle--e948c00e-16d4-49fa-a942-934254863d7c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json b/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json
index c0bdbdb4ca..9367fca6b6 100644
--- a/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json
+++ b/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8d8b5bf9-aa0e-4bba-a504-932ec4cc8985",
+ "id": "bundle--24509cdb-83b2-450b-842b-669620227113",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json b/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json
index 6fe102560f..aee49aea0b 100644
--- a/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json
+++ b/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c785426c-e423-4be7-a575-d0697b25baa9",
+ "id": "bundle--e96bd888-95bb-4698-919a-aee974936691",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json b/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json
index 2260bc9b04..f11083cc01 100644
--- a/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json
+++ b/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1529c82c-5386-4b2a-bd54-8eb152b268b5",
+ "id": "bundle--2240620f-ec91-4854-aff1-b9ecfc6d345a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json b/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json
index 4fd53fc9b9..5811f6b807 100644
--- a/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json
+++ b/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e2407550-b3be-49b6-9f7b-0b2a8b7fb923",
+ "id": "bundle--bc46557b-081f-472b-a0ed-bcbe363247ed",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json b/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json
index 86dc5e791a..6491f61ff4 100644
--- a/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json
+++ b/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--113020ea-95ca-452a-9a7f-55ca5fda893c",
+ "id": "bundle--7dd1a3c4-37e6-4cef-adee-c8f0fc6bc40b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json b/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json
index e9b12e0b34..c5d770510c 100644
--- a/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json
+++ b/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--08effda6-5d5d-44cf-b763-e88044ebc5f9",
+ "id": "bundle--574c519e-c5fc-4d5b-8d68-00f0f6af1421",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json b/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json
index 114fe9e76d..10d8c4f353 100644
--- a/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json
+++ b/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d937eb80-2145-4997-9ef2-c4c43f913aab",
+ "id": "bundle--5fc0077f-5a24-4a7a-9248-1eda146b5049",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json b/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json
index 24af1c540f..d8ccd06f09 100644
--- a/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json
+++ b/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ce4ec40b-ba37-472c-ad68-d9375c77c47f",
+ "id": "bundle--eb331a1e-b56b-401c-9565-1504b9bf2409",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json b/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json
index 384a5a4a67..c15ccbb0ff 100644
--- a/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json
+++ b/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c760f9af-f8fb-407b-abb4-662c1561547c",
+ "id": "bundle--322213ce-bcf2-418b-8009-fa05331b3006",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json b/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json
index bc8620e014..ce8bc5c938 100644
--- a/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json
+++ b/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4ce20ed1-d9b1-439f-b151-39d7b9c666c8",
+ "id": "bundle--d0073c68-3ac8-4451-90bb-2d42546bc371",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json b/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json
index bd3e16b4f9..00eddfdaeb 100644
--- a/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json
+++ b/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--59211e09-3cf2-411a-b144-7926f833393f",
+ "id": "bundle--e304a9c5-bbc9-4a6f-9601-5328ff4c6482",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json b/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json
index b25e3c9d56..5310506a9c 100644
--- a/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json
+++ b/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0871ed86-d3de-45f7-b7ff-d31713291722",
+ "id": "bundle--4de18cc7-4b95-48c1-8345-304068aaaea0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json b/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json
index 9e270d091e..daaa21973a 100644
--- a/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json
+++ b/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--242c57a4-6051-445c-8d97-2aeadd75ff9d",
+ "id": "bundle--2b886649-c016-4e4c-a134-e3fe25f10927",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json b/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json
index 9bac1c02c5..82c6b39b7d 100644
--- a/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json
+++ b/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2f4b7c77-0224-4de2-901e-86c850e2e2ac",
+ "id": "bundle--2029d326-e2bf-466a-9aa7-521eb46c6bb8",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json b/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json
index c41fdf58ec..e4ab49c7d9 100644
--- a/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json
+++ b/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--938a822a-e4a1-41d1-8487-f4b3fc58d170",
+ "id": "bundle--2d5b1924-c970-4e7b-989d-ceb1ff008d01",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json b/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json
index 537e150068..89ce49ff70 100644
--- a/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json
+++ b/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a2cf9fa7-bec0-4134-8648-af748c9da278",
+ "id": "bundle--e31caf33-72c9-4f70-b25d-749f1cb188be",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json b/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json
index 60af883516..726a12ab96 100644
--- a/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json
+++ b/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--579d161a-c8ae-4edc-83e9-4112717a2e0e",
+ "id": "bundle--c5d90688-7e43-4f0f-a08a-d9a2bed260c2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json b/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json
index e158f55d52..299bf9c52b 100644
--- a/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json
+++ b/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--25fda9ec-ae61-4267-aeba-c5d08da7420d",
+ "id": "bundle--5c8ee0ba-7341-444e-ad4a-77d0720e24e2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json b/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json
index dafceeb45a..3bf91e21e6 100644
--- a/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json
+++ b/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ff64ddb0-f4bd-4d83-bae4-ddf08ac83e99",
+ "id": "bundle--68158ded-00ff-47df-812c-fc32396e444b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json b/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json
index 09073cc4fc..87e1b6cbbe 100644
--- a/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json
+++ b/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fd1d9d04-e7be-489d-acd8-a87df709a17c",
+ "id": "bundle--bd3cae8d-6ed5-4e97-ae2a-b2a6304e3d53",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json b/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json
index fa215e3f13..e980ff01cd 100644
--- a/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json
+++ b/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--af3cf8ce-f89b-489d-807d-6d2dd15baaad",
+ "id": "bundle--d655133c-12b2-4c0c-a20e-b750c6998785",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json b/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json
index 250b896c73..53f9afb3b3 100644
--- a/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json
+++ b/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3b786091-c7a5-41d7-89f4-6065006f9f1f",
+ "id": "bundle--460301a8-d003-4116-ab50-c91fa1ccd1c1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json b/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json
index c66eac4032..3f91836e9a 100644
--- a/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json
+++ b/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--453e7d57-e289-4eea-87a1-a6564589a84c",
+ "id": "bundle--d46a4f4b-9cf3-4a68-b69b-e0e10fca8816",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json b/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json
index 77d686486f..ddf6f97af8 100644
--- a/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json
+++ b/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bad30f22-8358-45b5-ab8a-31d6ba86086d",
+ "id": "bundle--35098830-958b-4ad0-852c-5ace882f2895",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json b/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json
index bf2c6683de..4487a28f8d 100644
--- a/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json
+++ b/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6ef59345-3c87-4d6e-a954-db0a8b479189",
+ "id": "bundle--1242e454-920e-4f01-9d6d-dd5a44c809e7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json b/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json
index e2aff233ba..13d36d2150 100644
--- a/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json
+++ b/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e6c5caeb-1d9f-44a1-b138-9a2870567a29",
+ "id": "bundle--ea9682f1-8bbd-43a1-9dcb-1957bf344d65",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json b/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json
index 39deb99843..9fd97d2088 100644
--- a/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json
+++ b/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--05be0ba7-b450-4c22-b7ed-2a55e7f161c9",
+ "id": "bundle--738eb4e7-20fb-47c1-8e5e-28a1e06c7b58",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json b/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json
index 47349f02fc..0794770711 100644
--- a/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json
+++ b/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--10960e37-2656-4eb1-81b4-90eb21757989",
+ "id": "bundle--7db353e0-2abc-45cd-a0eb-22248f0bc479",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json b/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json
index 9981928d36..1f4dc59bc1 100644
--- a/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json
+++ b/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--db07775a-71ea-4d9d-be1f-79505f2197e3",
+ "id": "bundle--9e886f47-43a4-4dc8-b761-ae9300ba6149",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json b/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json
index d3e2d9db4c..dda419c479 100644
--- a/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json
+++ b/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d66c951f-38f5-40b2-a32a-a3374bf75206",
+ "id": "bundle--7579d56f-e1e1-480c-a2d2-1f5bef5d6fe5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json b/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json
index 2ef070aab2..30d303fa84 100644
--- a/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json
+++ b/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--400949e3-9e43-4ddc-b66c-7a95ea6cf544",
+ "id": "bundle--a0f4fdb0-b48b-4b2f-8c60-5546207e932d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json b/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json
index 1eeaca676a..dd20e12990 100644
--- a/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json
+++ b/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--50aacb92-86f0-40f6-bcd2-734066a2efae",
+ "id": "bundle--9d86b898-e502-476c-9c3a-46e60c024b76",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json b/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json
index 14357c08ce..6b9f68d8ab 100644
--- a/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json
+++ b/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1243352e-1d87-4b58-b150-a2777f00d42f",
+ "id": "bundle--6745dd10-45f3-4d30-8ca0-33625bb2672b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json b/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json
index 32f5c46a94..2b46549477 100644
--- a/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json
+++ b/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fa3a8b38-4e56-49a9-ac0c-4a47a086ca58",
+ "id": "bundle--e3058b3a-7543-43bb-8fda-0a422bc95bee",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json b/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json
index ed7b63d24e..e0b0d4e6d4 100644
--- a/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json
+++ b/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e79c7621-3e59-453a-aaf7-bf38515ef5de",
+ "id": "bundle--c4c7606f-18bd-42ef-ad97-6967ca875ac4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json b/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json
index 7b961ac4be..4e3408b910 100644
--- a/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json
+++ b/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c8f53e09-cc6a-48c0-921b-b632d3e5b09f",
+ "id": "bundle--f9385df7-d7d0-4fa5-83ef-07cbac1cd86f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json b/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json
index fe4ffe3680..b2f3cafc2c 100644
--- a/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json
+++ b/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d79ef449-2948-43a1-a2d4-6cea32d6999e",
+ "id": "bundle--b730af0c-7da4-42ba-bb0a-9436804b8ad2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json b/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json
index 46627786c8..9eb3c0c27a 100644
--- a/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json
+++ b/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--33af402e-bd1d-4b25-8246-6c378ab9d5e2",
+ "id": "bundle--61daa487-3f66-4a40-b79a-6748f7c51fd0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json b/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json
index 389a25b1da..f7c23dcb02 100644
--- a/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json
+++ b/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2a4465b1-bee4-4ad5-b610-c78a5b242700",
+ "id": "bundle--7b131640-33f4-4b5e-b3b5-e8fcb0e87c64",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json b/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json
index f2b40bdb6e..11680a7e4d 100644
--- a/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json
+++ b/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7aa9bc17-2932-4a29-9dab-a7e749a30d64",
+ "id": "bundle--c0beaef5-675a-48ab-80f7-d0083eef7e5a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json b/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json
index f536784b87..d58d119b91 100644
--- a/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json
+++ b/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--238131b4-f6e3-4223-9a4d-37483c0d0a56",
+ "id": "bundle--c629c32d-7eba-4b86-b1ac-da6cf6becea3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json b/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json
index 66fb3feeeb..0b913c796b 100644
--- a/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json
+++ b/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--77a9e472-0465-46e4-b81b-30f192bd3f56",
+ "id": "bundle--8155e639-2163-40c1-988a-fcfb5cb77590",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json b/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json
index bbce9ec3f1..5a949342e1 100644
--- a/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json
+++ b/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e0b7f00d-c550-42dd-89d7-56311404b82f",
+ "id": "bundle--369cfeb9-9acb-4649-b6f6-3681fdf60ace",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json b/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json
index 80a0fd74c7..37812a3d45 100644
--- a/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json
+++ b/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--134d9383-615b-4a0f-879b-68510412d280",
+ "id": "bundle--f3e3ec88-0a04-4c7c-90f4-234dc2ba57f4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json b/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json
index 96bfff7739..2e304327f3 100644
--- a/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json
+++ b/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--376e3286-6338-4580-8b29-52129bebf829",
+ "id": "bundle--adb28ff6-5b47-458f-9972-16837298bcb7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json b/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json
index 1c9c04b780..4397382902 100644
--- a/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json
+++ b/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5b6be760-f685-476b-94a1-7b7949f3d11f",
+ "id": "bundle--1f82c59e-0f2f-4eaf-9560-d16166b6a9da",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json b/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json
index aec249c7e7..b861ace235 100644
--- a/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json
+++ b/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b7b5906a-7dd0-40a3-a193-13cb06a4edc5",
+ "id": "bundle--6df31da2-cb3e-4107-80b7-df5e07d9cf43",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json b/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json
index 8c3b42c11c..471a6d4a2f 100644
--- a/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json
+++ b/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6a46d001-5c72-4790-86fd-26f234b3b6dc",
+ "id": "bundle--30c060a7-f49e-4db6-ac13-cda173a52ea8",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json b/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json
index 9300f740a5..fc41685aea 100644
--- a/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json
+++ b/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e3d40431-ebdc-4aeb-bd7a-07dfc68de08a",
+ "id": "bundle--65b2cf00-3259-47a9-95e8-3a9a9609d393",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json b/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json
index 2bd0261682..5d85a62fa9 100644
--- a/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json
+++ b/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e33c0320-cc0d-4ab0-9e4e-362fa2480979",
+ "id": "bundle--3e450adf-002e-48af-a5c3-f12a0a455ea2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json b/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json
index e9f433f128..cea5f87974 100644
--- a/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json
+++ b/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3a084f0c-540b-4055-9c09-ff5c65c1d51b",
+ "id": "bundle--c4373899-f526-4739-9635-c5e3968ef32f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json b/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json
index 650d446d38..20bbd442b8 100644
--- a/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json
+++ b/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c086974c-0812-470b-8e20-e2733c769b54",
+ "id": "bundle--f57d2327-5287-4dba-9f10-c0f651e72e32",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json b/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json
index 330a29b0cb..0a3f915433 100644
--- a/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json
+++ b/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4214a256-f42f-4bd7-b577-beb19b25bfc4",
+ "id": "bundle--143a0256-291b-4be3-98b2-ef19770cf012",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json b/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json
index 471a311039..5af480112b 100644
--- a/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json
+++ b/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--03536338-42fb-482f-a2cf-d7e855b608ac",
+ "id": "bundle--e99e481f-93ae-4af6-899b-0c5e82453bb5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json b/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json
index ed1ffe2a1e..f50f81b01b 100644
--- a/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json
+++ b/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--cab0e380-f71a-48bb-94c9-9afaddf265fe",
+ "id": "bundle--6831e290-0a45-4364-b72d-6bb9840b11a4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json b/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json
index d23e7a4125..1e8d208e82 100644
--- a/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json
+++ b/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f0a31faf-300a-4d8c-923c-5cc1b3a8f425",
+ "id": "bundle--9a935816-c11e-4988-9543-57a488eb5593",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json b/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json
index dd7fac60e9..aaa20dc56f 100644
--- a/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json
+++ b/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1f32c0f6-bb29-4894-b5df-f89e48dc558e",
+ "id": "bundle--f8f348e4-4417-45e1-a9c2-2143e1357b30",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json b/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json
index e7ecb2b120..acc8a6fa04 100644
--- a/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json
+++ b/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7f53986a-d637-42d4-8775-f64fee0ff137",
+ "id": "bundle--728288ed-57ae-4014-ad5b-0b11ad39a9a9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json b/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json
index db34701d2d..f36d747f0e 100644
--- a/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json
+++ b/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8268e7b3-be40-48f4-9221-5e76a9fe7b16",
+ "id": "bundle--77f919c9-55a6-41b5-8228-7fb4f6bf83f6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json b/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json
index f03fd2353d..e775962a43 100644
--- a/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json
+++ b/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--acc0f519-fde2-4cd2-947e-eeb1760ceb79",
+ "id": "bundle--dd7ae164-1664-4462-af70-d6787e13b3c6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json b/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json
index 48c4705808..fcc1feb7dc 100644
--- a/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json
+++ b/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--17ecab76-cd59-48f7-913a-282a9ecfe991",
+ "id": "bundle--20c4597e-9646-4622-a392-715ad50283b2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json b/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json
index d7286337a5..b4fbc10fd5 100644
--- a/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json
+++ b/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--91f2089f-57e4-432c-bf67-b51238996daf",
+ "id": "bundle--81a8b835-ab7b-4e38-9b10-8a340c47911b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json b/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json
index 74c3ecc04f..7c397e71ff 100644
--- a/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json
+++ b/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e559cce0-62d6-45fe-8d5e-75ef621f193e",
+ "id": "bundle--39b08720-3034-454c-8a54-37c77807eb55",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json b/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json
index 32ce8ed9a0..6a14fc1743 100644
--- a/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json
+++ b/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d9a658fa-89a8-47b1-8454-765013921e9a",
+ "id": "bundle--9424d90f-9f8b-42c7-9700-16e2dc30345f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json b/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json
index 685444789e..c528b610b8 100644
--- a/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json
+++ b/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--69eac644-b8a8-4fad-93b1-cf9ea832cf8e",
+ "id": "bundle--17037615-aa65-43d5-84b1-420b538abe4a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json b/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json
index b903f2778d..2e6a02b3ae 100644
--- a/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json
+++ b/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2fae7904-3da2-4ece-a5d8-10dde95b7b8a",
+ "id": "bundle--cedecd1a-199b-4bf7-b6f2-cc72b82d827f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json b/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json
index ab732ee713..76f597e844 100644
--- a/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json
+++ b/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9adf750e-1c2e-47c6-b46b-304c9bf44b94",
+ "id": "bundle--779fed7b-9e60-40a5-9858-02052886337c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json b/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json
index 9d7be6dc41..28453b7b1d 100644
--- a/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json
+++ b/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--315000df-ce15-4f0c-911e-67b0c7b28cd3",
+ "id": "bundle--fc71d7c4-2826-4d98-9f19-611813ae4e2f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json b/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json
index fcf735a86e..f331c1180b 100644
--- a/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json
+++ b/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e1adf249-2bf6-4664-898a-45aa5a30196f",
+ "id": "bundle--7e53e108-9723-4ca1-b697-ced38168703f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json b/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json
index 378fb96a17..27acf45fb2 100644
--- a/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json
+++ b/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--08411888-51a5-4bb7-9dd5-982d01bfc32a", + "id": "bundle--5bd01cb1-4b4a-44c1-aa16-33fa13d0fd73", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json b/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json index 1a1e3e789a..e6460a4e28 100644 --- a/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json +++ b/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--aa5fa6ab-b484-4668-ac58-c1f19c49e754", + "id": "bundle--e4132ebb-8f62-4c4d-8cee-80c1608c5e35", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json b/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json index 3fdc87c472..969fedad75 100644 --- a/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json +++ b/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e117da59-ef27-4382-b0b8-8f1f41929bb0", + "id": "bundle--fd61c503-f949-458c-ae24-052f29980a77", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json b/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json index d6b340eec6..511eb320c6 100644 --- a/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json +++ b/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4194e5da-f765-4192-8e9c-36ed7fe60c6b", + "id": "bundle--e4a13317-c99b-40ad-a2e1-182d27910f81", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json b/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json index 3e45a6feb3..de43b313ba 100644 --- a/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json +++ b/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9f810233-e1ab-45ed-bdae-c1b60d704765", + "id": "bundle--33ac8a81-d157-4637-bbce-1b1225c6c9fd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json b/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json index a743eaa49b..7d1389d365 100644 --- a/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json +++ b/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ae25fb27-ffa8-41e3-ab99-e24b6120f095", + "id": "bundle--8f80dda1-7ef2-46af-abe6-3ac81f3ea30d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json b/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json index 515ade745e..f5a561ee2f 100644 --- a/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json +++ b/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ac626461-574d-4ee1-86cc-1391a07b450e", + "id": "bundle--ccc706ba-384a-41b3-93b0-fd007d654654", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json b/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json index 5152d76309..4f3ae3f052 100644 
--- a/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json +++ b/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2d181da3-ddb3-49cf-9038-217a1c03a86b", + "id": "bundle--d5c7d38f-0ceb-4b6a-a360-fe623057c663", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json b/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json index c2add8c7af..8ec84d6e03 100644 --- a/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json +++ b/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--22a71b9a-bdd4-425a-ab8d-07c966721dc5", + "id": "bundle--49269aff-5a14-4386-b423-238344a17264", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json b/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json index e8d93042c8..5d4d43b577 100644 --- a/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json +++ b/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--233c89e1-1063-4cd0-88e3-fac5a68bf901", + "id": "bundle--06a1b6a4-a396-4875-96f3-9caa4d5c8c1b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json b/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json index 8682cecee0..6e2e5183b5 100644 --- a/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json +++ b/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e6f6d670-3b55-43da-8cd7-c983d29a141e", + "id": "bundle--c331bd52-29de-4c4c-92bf-a0c7edf2e0b8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json b/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json index ddb2ee0165..05032cf48e 100644 --- a/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json +++ b/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--39ae279a-debf-418f-a559-27db10459e38", + "id": "bundle--4359ac08-f519-428a-b776-5f6f431a5722", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json b/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json index 6b6a408208..b5a7431e24 100644 --- a/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json +++ b/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f3f7d972-d07b-4482-807b-db51184a507b", + "id": "bundle--1f343e34-830f-45d2-a854-2c6afc01f069", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json b/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json index ab7b6b070b..d03eb28fdd 100644 --- a/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json +++ b/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4ae00df5-9c2e-463a-a6dd-09b959cf536a", + "id": "bundle--3a92ffb5-cb9b-4c51-9fd5-48e6552825cb", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json b/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json index a9a6a8413b..0e9057c832 100644 --- a/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json +++ b/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--49cd775b-7349-4cd5-a792-a402a18eff6d", + "id": "bundle--77b6e351-482b-4936-8d45-237e9b480358", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json b/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json index d5eb216016..1d0ffc78c4 100644 --- a/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json +++ b/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--02ece6d8-0f9f-4d4c-9415-af25021188f5", + "id": "bundle--61196c53-0543-4306-98e5-b65b33fcbb15", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json b/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json index 01b271cd86..286833ae8e 100644 --- a/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json +++ b/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--66953539-cd6d-403c-af26-062bcf38bc47", + "id": "bundle--18d7c0db-6cb9-47cb-bbd9-923430eb8d42", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json b/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json index a795ac127f..30e4297828 100644 
--- a/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json +++ b/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9cf42bd8-5431-458e-a9f0-efc338a1a19a", + "id": "bundle--3aa193f8-8d6e-4707-b909-bc80dbc01359", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json b/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json index fedfaf1dbe..7467d3d171 100644 --- a/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json +++ b/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--94c30096-be02-45a2-8723-345aa65cd8e7", + "id": "bundle--13b5e274-7d5e-4ef6-bc4e-86d609c4d9d4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json b/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json index 5a65bf81bf..cc7845f8c0 100644 --- a/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json +++ b/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2f2d0454-ad2e-4e59-a131-e38d27d8b818", + "id": "bundle--4a3ede7a-214d-4c44-bcd6-8747cbeca67d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json b/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json index 9fded7fb2d..e7f01a542d 100644 --- a/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json +++ b/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7a10fc0d-2139-4453-99e5-57f37506295f", + "id": "bundle--9d123f14-3165-481f-8f04-29d5cad0eae0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json b/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json index e013e11a41..83ee39d264 100644 --- a/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json +++ b/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5ee6c8eb-8f3d-451a-ae3c-fbda129afb03", + "id": "bundle--2e51ff50-2a8c-4187-b36f-3cec34cf59ea", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json b/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json index 95d8bef06c..00afb54756 100644 --- a/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json +++ b/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--222d3528-c53f-445f-acd8-4c5e37d3ddfe", + "id": "bundle--bb3f4cc6-1754-4c90-8526-d58e480140af", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json b/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json index 1bcd51d715..e8ba78b159 100644 --- a/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json +++ b/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3d85bd45-d605-4b73-ae06-8b863002b106", + "id": "bundle--56486f44-9e0f-4c2d-84f4-d83c74ea42a6", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json b/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json index 96c91432ce..9acc1f3339 100644 --- a/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json +++ b/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--328a0f68-4a03-498c-9c31-2a6cc5e44682", + "id": "bundle--b184f6d9-fa97-42b6-a4b4-832d3683b480", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json b/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json index 21cf472b74..fca8a3e58a 100644 --- a/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json +++ b/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2b4eae07-1fec-4b84-a346-f7330868d20c", + "id": "bundle--bc337a85-c2b8-4972-aceb-606c5a770210", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json b/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json index 2f5e9f4c68..cbafe5126e 100644 --- a/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json +++ b/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8435c3ac-0004-444b-8144-92c93611f871", + "id": "bundle--f69a4b78-b2bd-4a14-8b31-c62c16238629", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json b/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json index f3a23f8223..791beda036 100644 
--- a/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json +++ b/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ac0c0e94-cb64-4652-92ce-b9cd1f73f79d", + "id": "bundle--1b3370b1-7cee-4958-8c8b-922cd2789888", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json b/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json index 5eada4b772..813c98a02d 100644 --- a/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json +++ b/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6a758c5c-e884-4aa2-8ff7-e934d42f8238", + "id": "bundle--3e908e88-25c1-4746-b862-ad6784ed7515", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json b/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json index 202db9bc46..f66cf2a3fc 100644 --- a/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json +++ b/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ac516e47-774b-49bd-8c4a-79ef880b06c1", + "id": "bundle--78976b9d-c8d4-4283-97de-35c29dc7cbda", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json b/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json index ec2e77be36..f5516ea762 100644 --- a/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json +++ b/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3ce4bfd5-9d6a-4c45-8ebe-8c95f6edb2f2", + "id": "bundle--aa8316a3-8c78-4e0c-9c17-72474c659844", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json b/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json index 6bb748fff9..e1b1fa40a7 100644 --- a/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json +++ b/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1b3d13b7-000f-4028-86b9-e9d1bf8d0856", + "id": "bundle--844f148e-7078-4f75-875a-338176f2c261", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json b/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json index 1aace50c90..15511effd1 100644 --- a/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json +++ b/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8bdb5152-59ea-4482-a361-6d45f780ae8e", + "id": "bundle--19991345-d7bd-4ff8-a445-91dad3d7bab6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json b/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json index 3b03830455..6956e20f67 100644 --- a/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json +++ b/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--016c5fd8-c81b-4595-9459-b505b20ff948", + "id": "bundle--59ca6316-5f82-441d-af49-2cc0b9adce13", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json b/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json index e33974efe2..6ff58f5aaf 100644 --- a/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json +++ b/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d36919d4-c105-4ac3-81f3-60fb2cefd95a", + "id": "bundle--0cac23d2-6a6b-4697-ac0b-b7cf8bec3c49", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json b/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json index 3e48fd13cd..349cd4bf4e 100644 --- a/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json +++ b/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--18772467-1375-4540-9405-fcc7b39aff08", + "id": "bundle--b061938f-0b53-485e-b4d6-4a6e9a433c40", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json b/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json index bf438cfcc8..4cfa9cb512 100644 --- a/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json +++ b/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8cad7951-4926-4c87-ac05-a2705eb29d73", + "id": "bundle--14c2049f-8d69-4465-8543-9279247df392", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json b/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json index 16fee71bb2..cb7695a511 100644 
--- a/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json +++ b/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--42495b4c-237f-4365-9f07-24f86eb0a98b", + "id": "bundle--9dd39e22-6f7c-4906-82e6-44e11065cdab", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json b/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json index 1073c0ee54..2552d9967b 100644 --- a/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json +++ b/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c88fbd2c-2b6f-421a-92da-5997d491b00b", + "id": "bundle--f19bf552-8dcf-4604-a717-22217726b168", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json b/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json index 04fe2c307e..4fe6c0aea4 100644 --- a/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json +++ b/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--625e8626-8757-4ac3-a426-6bfcc47b00f4", + "id": "bundle--8f6b76c4-db92-4fe6-bade-70cf03cd63f5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json b/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json index 3c5fbfb641..66a789787e 100644 --- a/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json +++ b/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ee05fcb3-4648-4a01-ad84-e04afefd3a6a", + "id": "bundle--92dcd354-4534-426d-a37e-5d3f1bebe718", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json b/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json index 181847da87..87bc06c3ba 100644 --- a/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json +++ b/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8b5a5e2c-9f86-4fe4-801a-9f80dfe43c3c", + "id": "bundle--aa7d29a4-55a7-4297-ab99-17cc1a9c18c2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json b/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json index ddd99dd593..542bc6bd03 100644 --- a/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json +++ b/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--58907b9a-5eb1-434f-9c69-d2c1b98301d3", + "id": "bundle--0742fd2c-c9a8-432c-8d32-30fe0f703e15", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json b/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json index 7b5f9bd21e..db3d024799 100644 --- a/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json +++ b/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e9aebd3e-f2a0-4084-b557-1bb175275d8a", + "id": "bundle--025a26ee-8d66-4396-bbd6-256c445d68ed", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json b/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json index 461b09a904..61cbc278fb 100644 --- a/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json +++ b/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e3d7b27c-71f9-43a7-899d-4767f56c28e7", + "id": "bundle--8306434d-f6c3-4316-b8de-acc8555dfff1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json b/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json index abcb35db05..f3e8be4bc2 100644 --- a/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json +++ b/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2b691b97-a402-4cf1-b97d-c3e3133ef945", + "id": "bundle--9232950f-7b83-493d-81d3-cb97cbc1c0ea", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json b/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json index 6ec7737be6..a081772e95 100644 --- a/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json +++ b/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e060ad1b-3e80-4abd-b52d-c60a43a7f97a", + "id": "bundle--c13fd574-0001-4c36-92b3-4e3bf57e4e30", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json b/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json index 76988c4b30..ec5b9e0e78 100644 
--- a/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json +++ b/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9ac5d5b3-51d6-4d9a-9194-ffb6162ada94", + "id": "bundle--1a7836fb-188f-4d0b-b9b5-21c2408d43f5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json b/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json index 95bc75db80..9a1932b6c1 100644 --- a/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json +++ b/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--22fc5525-3bbe-44f9-b182-cc3e72ab834f", + "id": "bundle--b85db25d-e31f-4e69-924f-a0c12c80f563", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json b/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json index 0dbfa3e3e5..f026657757 100644 --- a/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json +++ b/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--51c196ec-1f52-4fb8-b125-6c269943817d", + "id": "bundle--8f0a893b-241b-4529-8292-88268b4d3d67", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json b/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json index 47d5e0f1ad..5b45ea420b 100644 --- a/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json +++ b/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bacf466f-d1a1-4e5e-af96-bdf87324f3fa", + "id": "bundle--23969800-1351-4d85-87f2-716fb051e288", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json b/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json index aa757309ff..dd842e6e30 100644 --- a/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json +++ b/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1f9f30df-a7c6-4838-a688-344edc66cb7f", + "id": "bundle--166e3dba-a56a-4d93-8299-04ce7b224415", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json b/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json index d99dd2e048..64917fd92c 100644 --- a/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json +++ b/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6617cbb0-0350-4e3b-9bcc-2a578bb00df3", + "id": "bundle--6a70f0f4-7311-41f6-b6ab-ae5428368d5f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json b/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json index 2fd4d66ea7..2f11113540 100644 --- a/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json +++ b/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2dcf160a-f9d1-4e21-8ea2-ee4054f374d5", + "id": "bundle--38d15d34-cc3f-44d0-ad75-f0de6b6a7c36", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json b/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json index ab34e3813f..15335041e3 100644 --- a/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json +++ b/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5ffa8716-5c7d-413f-96ac-888daf9e940d", + "id": "bundle--16d96438-41ee-45e6-8cb1-d7d0a9ca61f9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json b/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json index f83d57dd47..a150591560 100644 --- a/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json +++ b/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--edc0deab-9972-4484-aad4-4d5fed9bc7c5", + "id": "bundle--6a661d08-d063-46b3-80d4-4fc23a7fc925", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json b/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json index 724faaa02e..80b08a0963 100644 --- a/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json +++ b/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--30767bf2-203f-4ff6-8e4c-8dcf668ae064", + "id": "bundle--5494b55a-68db-4564-8d6e-cb526bf3adec", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json b/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json index de9e7b03cc..b298596d8d 100644 
--- a/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json +++ b/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2bab8e88-10ab-4b17-819d-4089e1ac2c76", + "id": "bundle--27039665-b90d-4857-9cd9-eaadbd299472", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json b/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json index a672c0a2c6..9b51eb666a 100644 --- a/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json +++ b/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--062c6b5b-ad30-444a-a889-7b2c1d449e54", + "id": "bundle--69c1cb39-3778-4251-9cf5-62b3c6db878a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json b/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json index 7e6494174a..23bb5cb865 100644 --- a/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json +++ b/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b8d058ce-73d2-4344-bcfd-44e02da6d78b", + "id": "bundle--a2cf3bea-9fd6-4565-a7a1-f702d339082b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json b/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json index 82b35e8fab..56eef01ad7 100644 --- a/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json +++ b/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1556e7bf-f353-4328-b258-76e21a14fac7", + "id": "bundle--d144f0b4-1f49-4e3e-bd71-2982ae426295", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json b/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json index c1df3fe10a..fd26231a61 100644 --- a/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json +++ b/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1d362e4e-3312-452e-9bc9-4f273ed8450e", + "id": "bundle--0d63b9d2-c8fc-4df8-9f1d-9c03ec7aee8e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json b/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json index c0498f12d2..363e7d7af9 100644 --- a/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json +++ b/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--91ca7a27-7869-4cf4-b4f8-fac0369ffc93", + "id": "bundle--71d3e0d8-9992-473d-9eae-12d28369dc9a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json b/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json index 123509bcb6..6a7c5e6c5a 100644 --- a/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json +++ b/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--af919e34-239a-42c9-9ce2-9721b7c06a0a", + "id": "bundle--d9b91837-a335-4976-be92-deed513d2bb8", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json b/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json index 6b8d264f24..d8d94f00f3 100644 --- a/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json +++ b/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0b603590-44cb-4eec-9892-c546e23ce74d", + "id": "bundle--850b7f74-2eac-4cfe-8b95-0f9e74c0b6f1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json b/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json index aa2ba52675..fcce0b3133 100644 --- a/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json +++ b/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d33677bb-5d43-4e3d-94ca-6644d410c840", + "id": "bundle--a4f11afe-e35a-4295-8b64-6c20530454b6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json b/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json index fff4c9a026..a3155deada 100644 --- a/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json +++ b/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3ee581fd-d5cb-481f-b97c-6c0e15d45ca4", + "id": "bundle--caef1c59-09ba-4d27-b26c-44a5a2338935", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json b/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json index 57a32b256d..eebe2f5313 100644 
--- a/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json +++ b/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6ce5dd7e-284b-4af6-95d2-967feff06352", + "id": "bundle--1f736888-3b05-4b34-aa55-c1596f613ed0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json b/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json index 7f1072e96d..cd18a864c7 100644 --- a/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json +++ b/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3b10601a-6009-487b-bfe2-85ae73c9e09b", + "id": "bundle--1047b5d0-ee48-4b18-9306-e68164ebc969", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json b/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json index 853849eb74..9609cba0fa 100644 --- a/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json +++ b/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4a9eac6d-f5bf-4968-9e43-f654f1334d70", + "id": "bundle--6e55ca6e-a637-4897-a5b3-e0a0cea8aeec", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json b/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json index 88a8981cad..ca36d2bc35 100644 --- a/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json +++ b/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4bb438b2-c51c-4960-bc14-f970c1d01fca", + "id": "bundle--e0a2707f-2d5c-4453-bf83-54620bc6500f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json b/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json index 474846ab9d..50b35b2841 100644 --- a/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json +++ b/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ec66e578-b3e2-4356-9ed7-f9f3ec52c71e", + "id": "bundle--2ed442f9-07df-4d55-b82c-3591d604f80d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json b/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json index da2362f67c..65f099441c 100644 --- a/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json +++ b/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f0a86fc0-215b-4076-b5e6-3393a2dc8750", + "id": "bundle--eadb3040-62a4-4e0c-8c91-c100e86a41f6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json b/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json index ead7f822a5..95d129fec4 100644 --- a/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json +++ b/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fc830f4f-c027-42fc-bf59-8f134c0fc39d", + "id": "bundle--bef79c55-3013-4923-8092-504d6fac6f18", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json b/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json index 5a1fafb3d8..cb505e9491 100644 --- a/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json +++ b/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fb0a2eb1-10a9-4a04-a617-8fcd8d657647", + "id": "bundle--eeafbfaa-3780-435e-910d-85ab56560c83", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json b/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json index 87a4dd9a33..ef3632b721 100644 --- a/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json +++ b/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0425d4e9-bd9d-4b34-8e4d-cfe674c832cf", + "id": "bundle--9af4faf1-2f32-4616-bf96-9be7ad518b6f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json b/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json index bb7d228c33..afc765d0f4 100644 --- a/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json +++ b/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f7a35c38-24fe-45ce-80ae-49cf5e656b03", + "id": "bundle--700ce13f-77b3-4843-a4d1-b6a9326180d6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json b/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json index 895ab22bc0..7f506594dc 100644 
--- a/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json +++ b/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--07cf140d-a6b6-45a1-82c5-2d563baff847", + "id": "bundle--512b0ebb-7dbf-4817-b7be-1413d94fdaf3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json b/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json index 91773b650c..84f7dfb502 100644 --- a/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json +++ b/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5d1abaad-1b56-4da3-a82e-e13eca80c639", + "id": "bundle--9b2a4eb6-95e7-43e1-aabd-6d8a01fe5c78", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json b/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json index fec591b66c..146f759fcb 100644 --- a/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json +++ b/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cb36948d-83d8-4c5a-8d5f-1874d44dc3a3", + "id": "bundle--4e7368a7-6e19-4aaa-b7ff-77a575be617d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json b/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json index 3bec50e71e..a1db41a91e 100644 --- a/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json +++ b/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--773e481f-204a-46eb-ab1f-e120dbc0df63", + "id": "bundle--67432396-3dab-4af5-a199-9068f7a5cd01", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json b/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json index cdcbcb5a96..64ac041929 100644 --- a/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json +++ b/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--01640d2e-202c-4c6b-a4c9-deba96b65040", + "id": "bundle--7b7de5ae-0f23-433d-a8c6-72f70192d60a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json b/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json index 8854b19526..17372f38de 100644 --- a/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json +++ b/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ac01d9b1-a1f4-4788-8aa0-743067c0674b", + "id": "bundle--8b195432-8736-49c4-b13d-b4ac543fff4a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json b/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json index 735fa250de..9ff42238f9 100644 --- a/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json +++ b/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bdafd488-9baa-4a64-a8a1-0dcf9e851a8e", + "id": "bundle--5590554c-adb3-4229-a7b6-79f718647796", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json b/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json index a6d8fccbec..a0e6a19c79 100644 --- a/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json +++ b/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--43dbe7e2-1f63-485c-b1cf-1d1c0e15a581", + "id": "bundle--f64b69b9-2e24-4f40-9bdb-763f42c40fde", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json b/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json index a030e1b0fc..2b363a8548 100644 --- a/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json +++ b/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c2632b21-7a13-4b81-99d7-4bdd6e6400b8", + "id": "bundle--cad3f3fe-9390-466d-9441-406f647998dd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json b/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json index 2f9ce3516a..21d47bb551 100644 --- a/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json +++ b/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--eb825769-3f57-4d1e-a5d8-25d2e594c3d4", + "id": "bundle--39c319ce-0398-4909-953d-d8c9b9e40ca7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json b/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json index 9e8e1f252f..6867fbd482 100644 
--- a/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json +++ b/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0af31760-4956-4686-be4a-7480ef69c9de", + "id": "bundle--347b9dab-d48b-47cd-87f8-a5e10271a43e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json b/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json index 97049fb3a3..28f688c0e3 100644 --- a/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json +++ b/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--43015dbf-cc3f-4745-a5c6-f8feeb054cbe", + "id": "bundle--2279ee29-8856-4f96-8ae6-2451f2e0cd4b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json b/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json index 2cc85e2636..413e98a3cb 100644 --- a/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json +++ b/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7f9444c8-c247-4b43-9b6b-0ba577919765", + "id": "bundle--87ab473f-a7a5-4efa-b320-3c788f990e20", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json b/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json index 8d87ae045a..37d9ca49cc 100644 --- a/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json +++ b/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--85b74c16-909b-4cf9-b7dc-0b5862ca9765", + "id": "bundle--4cd9483c-f7b0-43b7-833f-89ef8301e992", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json b/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json index 300ac9253c..83b787d044 100644 --- a/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json +++ b/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--31cf33ff-f24b-49a6-afc6-02f128bcf40e", + "id": "bundle--20c772b3-0f1d-4da8-8ca4-ea668c822517", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json b/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json index 27ea087d64..476c80c0bc 100644 --- a/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json +++ b/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--021fceb1-e090-4f62-aee8-20780f1cf315", + "id": "bundle--cd73ccc8-0d18-403d-90a5-2be26e5bc59d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json b/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json index eafdbb75f0..da12fcc289 100644 --- a/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json +++ b/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5eabf32f-c872-4b41-ad2c-502b97c643da", + "id": "bundle--12079abe-91ed-4ead-8837-9dc3b283c129", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json b/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json index c789e14563..4f4f7b6c8a 100644 --- a/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json +++ b/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7818de99-e8b4-4479-8c02-b20be4ec3a72", + "id": "bundle--d1b0e9c4-c3e3-40e5-8dc9-007d17b9cac9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json b/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json index 3d01458df9..0607f116f4 100644 --- a/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json +++ b/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b9435a51-9026-48f5-b95f-66ce49c16b53", + "id": "bundle--2bbef0ec-fce3-438d-aabe-f68419f18d7b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json b/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json index 1edfcc24b7..42a87f958d 100644 --- a/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json +++ b/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--20fab21f-3aeb-4905-a7ee-ae7954b3713b", + "id": "bundle--e8bb09fc-76f3-444f-b5f2-4e7eebf82e48", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json b/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json index 957b74bd80..233d657e70 100644 
--- a/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json +++ b/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7a2cd942-6cd8-4d59-8dcc-c43cf0745e62", + "id": "bundle--0506fd94-3207-45d5-8f67-4ef27e60a2a4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json b/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json index 20e3b37130..b6333ca088 100644 --- a/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json +++ b/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--93a61ed1-3aa2-4dfc-9203-81f05cac74e4", + "id": "bundle--37ee7cf7-b9cd-4b06-8fa4-c98255aa1168", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json b/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json index bdfe6fafb6..8a1a3680cd 100644 --- a/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json +++ b/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2ef649c8-bb12-4079-ab60-9234a9d9ed29", + "id": "bundle--c51a00bc-5fca-466c-85d7-d0b66fc3bb27", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json b/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json index a908a1cee8..e04eaaae5b 100644 --- a/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json +++ b/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f40d2f13-16e2-45ae-ae20-670869d14d33", + "id": "bundle--25205a55-1732-4017-a5fb-08853b2cc623", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json b/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json index 29c8fee439..6c01413a05 100644 --- a/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json +++ b/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7984e151-89ff-4d2e-9329-845868df0cb1", + "id": "bundle--5cc8ddee-8e9e-4983-b7cd-1c74a336c55f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json b/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json index 34dd5bdd00..49c7eb51fc 100644 --- a/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json +++ b/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6bf062a1-14df-4611-a86d-a744a7b46886", + "id": "bundle--30a0e1a8-b7b3-4896-ae82-6c508fe46337", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json b/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json index 42e165d1ec..f9b8d55bd3 100644 --- a/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json +++ b/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6e7c1fb5-6238-4d08-aa86-2b45e29c3183", + "id": "bundle--079f5f6f-47f1-4f55-a29d-e1de262b4793", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json b/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json index 1ad3ed0246..391b827574 100644 --- a/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json +++ b/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a7176ca1-6304-494a-bb9a-bef2ac1e0ed9", + "id": "bundle--96b756cb-5049-4a74-bf97-fbeb5927eee1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json b/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json index 9b8221ca6c..bd08a6f6c6 100644 --- a/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json +++ b/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3a561ff5-2921-434c-83ce-6da27630841b", + "id": "bundle--f81f35d5-0a6d-4531-bb53-0934cc8c0836", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json b/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json index 827b77ffb8..e01bd485ac 100644 --- a/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json +++ b/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--11f09f87-ff80-4267-aa50-9a8ca7d125ce", + "id": "bundle--7b49b9cb-9be4-497a-905b-985ccff4719e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json b/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json index 8135d485e3..366ac1a21b 100644 
--- a/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json +++ b/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a45d2bb9-c083-44f2-a53f-fc77255a25d9", + "id": "bundle--66b5f1a3-93a0-49dd-8e20-a0324893858c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json b/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json index b6b747cd89..d6cc2ef413 100644 --- a/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json +++ b/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d81cf4ae-648c-4a43-8202-a4ef073ace87", + "id": "bundle--13f7bb43-3c80-4bf0-a619-9bf204d888cc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json b/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json index 7b6ce02143..0d28f2bd2b 100644 --- a/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json +++ b/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1efd8229-5d94-4d66-8ffb-1d133feb9f02", + "id": "bundle--22871458-c51d-4523-8707-175613128b63", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json b/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json index 90e55bd3c0..500047c966 100644 --- a/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json +++ b/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4ea44112-dbe5-483b-84aa-f758267b469a", + "id": "bundle--4c7a54fe-e49f-4b16-aec8-cc5e3440f1a7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json b/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json index b25a52c970..d654e351a4 100644 --- a/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json +++ b/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--84f7b8e2-d257-497f-8f45-2e8e1b99a877", + "id": "bundle--44a59972-d3e3-4633-b218-1b25a2a8312f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json b/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json index 771c499016..bc1697a296 100644 --- a/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json +++ b/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b151bbf2-d40f-4376-a45e-6c05fcc563bc", + "id": "bundle--c052ddb2-0325-4a30-8672-e5c8a5ce9ed4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json b/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json index 817e42ccd5..933875deaa 100644 --- a/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json +++ b/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d83f423b-1c22-409b-bb02-3ce5ac9a0bb1", + "id": "bundle--97a25d88-308a-410c-aaf6-6bac8789a072", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json b/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json index 45b02abcfc..995450f5c8 100644 --- a/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json +++ b/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--79352efe-5cf5-46e3-b0f1-731534943175", + "id": "bundle--dd6a756f-4667-41b7-8637-ddefe37abe39", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json b/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json index 8045c6b86c..80f088496e 100644 --- a/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json +++ b/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--29e18d13-b10c-4897-bdf7-ec3ae43f3ff5", + "id": "bundle--2a435bf1-d27e-48bd-ab45-d06ce8451e90", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json b/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json index c163eaf83b..0beb7a1c80 100644 --- a/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json +++ b/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ae487880-369b-449b-8b1b-20ac4af7c844", + "id": "bundle--0833f4b1-7d17-4113-b08e-f7aa6ff0a304", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json b/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json index d558df3713..29ae3de7e0 100644 
--- a/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json +++ b/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--508a97fe-0a8a-4751-b64b-260d3dd96492", + "id": "bundle--0047848b-3000-4463-b343-8fea953f76d2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json b/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json index d70d4bacf4..be1e822c88 100644 --- a/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json +++ b/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0b58bbb1-ff81-493d-9c13-6d873ef775e8", + "id": "bundle--3c595474-9100-470a-8335-9d77c87d39c4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json b/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json index de75ac7e8d..6159c3265a 100644 --- a/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json +++ b/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--101eb43e-81e3-46fb-9414-7b6be3e9ae87", + "id": "bundle--dfdbb3b3-6ffb-4a53-a2ae-58cf3dd19ed5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json b/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json index 54b0b6e04c..2d6c67f2af 100644 --- a/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json +++ b/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a1b22da3-879c-439b-8d00-1dcfd02914f9", + "id": "bundle--1e73ea28-8da3-49fe-b306-11a61e4b51f8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json b/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json index 1e1b12a600..5908f24227 100644 --- a/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json +++ b/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3c4d6253-dfa0-4e4a-8d24-ea070a9a2a42", + "id": "bundle--b530c201-84c0-48b2-9658-4fcba44d839d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json b/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json index 9a5c610a92..48c60a6f6c 100644 --- a/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json +++ b/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--22bcdb72-d1ad-4ce5-a034-5c7ad1eeeb0c", + "id": "bundle--508e254b-000b-4458-8eb3-6976e563bfb4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json b/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json index f3abcd9ad2..8f8754db34 100644 --- a/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json +++ b/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--30cc8997-59cf-41de-9b01-51497c5b5011", + "id": "bundle--78c5889f-db64-41a7-b7eb-943deab0e125", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json b/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json index 42ca1a6d15..f9b91c05d8 100644 --- a/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json +++ b/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ddeb3567-df6b-417a-a480-fb52338da5cb", + "id": "bundle--ac45895e-cba6-444e-ab97-0c82a2207cc5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json b/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json index a7e1724fc0..3f8af8c14b 100644 --- a/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json +++ b/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a400246b-de25-4fe2-a758-8ec4f7485222", + "id": "bundle--4eca5421-6fb5-4878-bec0-628e0f3d6282", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json b/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json index c95843cbe4..732ee1f740 100644 --- a/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json +++ b/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dd711051-13d2-4780-9b1b-1db895960703", + "id": "bundle--b3831285-dcb9-4af7-a9a4-8b832545096b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json b/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json index 2c87f64736..fc80b0c635 100644 
--- a/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json +++ b/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1da8cdf9-7bfc-4fe1-8ee0-9ba951d849dc", + "id": "bundle--d4284bc2-fd91-4d90-8f29-d26a132a5357", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json b/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json index 89dc73bb26..98ca51cc69 100644 --- a/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json +++ b/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5efd8fce-27a8-4173-9875-40f769373d26", + "id": "bundle--bb2c453e-817b-4ac3-b961-c2bf20db185e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json b/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json index 84205e4bd4..37d81d4988 100644 --- a/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json +++ b/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b8a22fde-2bfa-4b35-ad3f-f20d39777c84", + "id": "bundle--7d2627ce-99f1-42a8-866d-fb63f52e0fcf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json b/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json index 88d1460172..0cc8cdc3bf 100644 --- a/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json +++ b/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--803525e2-e11d-43b3-9e9e-53de3c98d077", + "id": "bundle--df8c796d-9600-4261-881d-100e717d2b92", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json b/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json index 4abbc6be18..9b1a806088 100644 --- a/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json +++ b/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--784def99-df87-47a3-93aa-0e86734c4eb4", + "id": "bundle--953c1d7b-1701-45de-b394-8ee53e6b92b5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json b/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json index 45cd112ae4..b55314a061 100644 --- a/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json +++ b/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d1eb425f-9fa9-46be-9131-dcd96ac519c6", + "id": "bundle--22b9c5d2-6a81-4437-b94a-6a6e8068e4a0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json b/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json index 3778b08cd5..058bdcce9d 100644 --- a/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json +++ b/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--594f945c-7d71-4648-85a5-2e381dd193bc", + "id": "bundle--2f409538-89c0-47ae-96ee-3d77abdf7f8b", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json b/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json index b247979e00..9e64df7710 100644 --- a/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json +++ b/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c6ac7a8f-4d5a-4b7a-a03e-0f6f88415117", + "id": "bundle--fdb9a037-ea97-4c8a-a96b-71c06ce1de2f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json b/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json index 7638c40288..a0a171e870 100644 --- a/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json +++ b/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3fd553a4-acd8-4e58-b699-4a2fe7e64d0c", + "id": "bundle--6cd40490-64eb-40d2-8469-9f5bc1f57bc6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json b/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json index 8194a8e877..e776eb5e77 100644 --- a/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json +++ b/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3cbc2fe7-b58e-4468-b4cc-fe579d14923b", + "id": "bundle--f5c2a8f7-3b57-40db-b789-64e6171845aa", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json b/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json index 990c0826f1..0ef2c4228f 100644 
--- a/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json +++ b/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8f12a1e3-7b8e-46d1-8653-75f7497f990f", + "id": "bundle--f8f5750e-be93-4a8f-bdc8-c27875ae951c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json b/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json index 6d4c2372d9..b7845beacd 100644 --- a/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json +++ b/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6b357ad5-9a4d-42a2-9808-1eef870c8ebe", + "id": "bundle--905179fe-e56b-489c-a709-d8e22a3f68c0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json b/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json index 49f1976193..705b37f5a4 100644 --- a/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json +++ b/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--94fb010e-edf1-4c2c-a051-d2bd6b0afecd", + "id": "bundle--5d116e4a-56d7-48ee-9c5f-01a3c316b8bf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json b/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json index 02d3d3b4dd..98f7a0e6fd 100644 --- a/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json +++ b/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dd72bdc6-ca22-47a8-bef0-3ca0d1a1838c", + "id": "bundle--58e88f52-7a6f-461d-a629-257d392fc213", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json b/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json index 5c6c392cf1..80c5a5202d 100644 --- a/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json +++ b/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1a24cee1-3ccb-471a-8c9e-42b1304cc901", + "id": "bundle--0dbd607f-fa2d-4f88-bdc6-427cc314bc25", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json b/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json index 2ad842ceec..a777c23d2b 100644 --- a/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json +++ b/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5128bfa5-ce6b-4ed2-bfe6-b9af2c15461b", + "id": "bundle--a1639367-9b7b-435a-a5bc-4c6ac5afd2f3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json b/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json index cbbec1131d..6866714be3 100644 --- a/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json +++ b/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fdddf3cb-7559-4408-90d1-4f25f83226a5", + "id": "bundle--3d46aa72-0b5a-414c-be70-b6313049f103", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json b/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json index dc93f8d3a3..087b7cc54c 100644 --- a/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json +++ b/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--400045ad-b7a0-4f96-a0c2-c3081edbcff7", + "id": "bundle--cbf54182-9a5e-4b1f-b8e9-af759caad126", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json b/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json index 244fd8f5a0..d167b3dd5e 100644 --- a/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json +++ b/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--728567ad-f52f-4719-9deb-876c33c601b4", + "id": "bundle--81d797a9-a4b3-4db3-abc4-db3dbc9f863e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json b/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json index bf75301138..5864d4593d 100644 --- a/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json +++ b/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7aec6047-90ca-4a90-9cba-e43154ab57ab", + "id": "bundle--c483c3ec-2a39-49d0-a65d-5ac325e8fc44", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json b/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json index 414b81a5cc..8aac5898e7 100644 
--- a/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json +++ b/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7c20faf0-d34d-4d7d-ac1b-17cafd348c78", + "id": "bundle--1b6afd9f-8ad2-4e05-af0e-56c3ac3f5278", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json b/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json index d6f3b5787d..76d1351cd8 100644 --- a/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json +++ b/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c3dcc60f-13c4-4c94-9869-d76c0c34034d", + "id": "bundle--f2dc2fdf-d570-494c-9724-6c4c22f24ce7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json b/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json index 55b18b9051..e5e59faa60 100644 --- a/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json +++ b/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--29a7edf0-6cdb-45b8-966f-8559bbc90154", + "id": "bundle--5f504597-fdc1-419a-952d-7e26ad5dabd2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json b/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json index 0e46ae6702..e8a7abf842 100644 --- a/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json +++ b/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b3227d94-eba2-4024-a43f-190cbb03cb6d", + "id": "bundle--07bd7734-7a64-45dd-b7b7-e9b9234a5a06", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json b/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json index 3f2bc10177..2260e5999f 100644 --- a/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json +++ b/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--99a0ea00-c03d-4a97-883c-cc61a3bf2c13", + "id": "bundle--9e0c1377-715c-4a73-8e03-5c48c324a4ec", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json b/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json index 10b8f4f07a..1c4172d267 100644 --- a/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json +++ b/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3f1abd71-b473-447c-aa6b-fbe2bf1b6b3c", + "id": "bundle--0f246ddc-2ba6-460b-bbf1-1aa6d47f53fa", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json b/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json index 2caf9e0897..35944f9350 100644 --- a/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json +++ b/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7fed3817-a1a3-4e7b-baf5-b88aea5a2d7a", + "id": "bundle--11a304e6-7516-42c7-b1be-033d2d31caaf", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json b/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json index 137be61e47..487bfc4d8b 100644 --- a/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json +++ b/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a58fdb6d-f7da-4a3c-b1ba-58bedc17615a", + "id": "bundle--529094fd-0ac0-47da-96bf-7ab3f4cbf3e0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json b/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json index 47a1b9ff8b..fed091620f 100644 --- a/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json +++ b/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f1313c48-1af4-415d-b5ce-c3cbee78138c", + "id": "bundle--f3d5d921-698f-4bd2-9d29-4b6a99823a8f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json b/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json index b1d85e0e28..7b2ace3527 100644 --- a/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json +++ b/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9041d399-c549-4ccb-9100-fe56f8dab67f", + "id": "bundle--994fd2f7-e1e0-45e7-9485-7d35becdf338", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json b/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json index 3a62a0a17e..aa79ecec3c 100644 
--- a/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json +++ b/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--63b369fe-1442-42d6-84bc-24150b1f4bf7", + "id": "bundle--aa972bf6-b506-46e4-88ad-2f8e694479b9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json b/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json index 74e4ef5bb3..584fb63fc5 100644 --- a/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json +++ b/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3bd00861-d18a-4b6d-9bf6-56ca8c6c57eb", + "id": "bundle--fb1a877a-31a9-4ce2-b385-8baa88683958", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json b/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json index f0ce944a92..f47d04ad7f 100644 --- a/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json +++ b/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0ee9d83c-2e94-42d1-92ca-da2c3cbb828a", + "id": "bundle--9bed83ab-5020-4817-9b82-d2e54554da45", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json b/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json index 36da1360c7..3a3f083228 100644 --- a/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json +++ b/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3d2316be-11a2-44dc-9158-3fe7d782a63b", + "id": "bundle--bced2fd3-be25-402f-b490-075ae318661c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json b/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json index 77092e1d42..02351267f0 100644 --- a/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json +++ b/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--199c72e3-e2ce-44a4-8914-5cd762408ca0", + "id": "bundle--a81728b7-8a2b-445a-adfc-0f093810afaa", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json b/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json index 67cc98bbf5..b1d6b417da 100644 --- a/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json +++ b/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1e00974c-7905-43fa-9d04-5b3baf1647f9", + "id": "bundle--086b5302-bb44-48d2-980f-c0e2cda8211c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json b/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json index e7660fa224..e583dace26 100644 --- a/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json +++ b/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0398acdb-90b9-47b9-9544-953b5dab5601", + "id": "bundle--f5ad570c-a857-4887-ae4b-c413404b4284", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json b/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json index 10054a0e8b..fff860c51c 100644 --- a/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json +++ b/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5f8f95fa-7160-4d4c-80ab-53e1307bfd16", + "id": "bundle--1af26b2e-cebb-4ae2-a31f-04f3b092e81f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json b/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json index 745f500c14..0213c3134f 100644 --- a/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json +++ b/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0fdaf79c-0f47-425c-b1f6-97c4c8a2eb82", + "id": "bundle--84d08b96-c7ff-48d8-8383-b164c3d406ca", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json b/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json index 7632e96cda..be9551b50d 100644 --- a/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json +++ b/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e54e41b0-6210-46a3-8895-e99640ef8c59", + "id": "bundle--5d8e6823-d97e-4e7c-8a25-0aa44b02c818", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json b/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json index 80b77002b7..45667287e4 100644 
--- a/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json +++ b/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--761b2599-4b6c-4943-b745-be00056f13a8", + "id": "bundle--2b15450c-3ef6-4e5f-a377-858fab310d8d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json b/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json index 946f758114..a750d42c8a 100644 --- a/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json +++ b/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--615f9512-1dd5-4b6d-b48f-a70248d91d2a", + "id": "bundle--c9923c35-c028-406b-8389-d2b9c33a383d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json b/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json index 552a2177a8..c6d12be3d3 100644 --- a/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json +++ b/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--61f39670-fb95-41a0-98ce-79666e6932c3", + "id": "bundle--72883630-9f54-4314-b0eb-f11f67800f78", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json b/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json index b8b41940f9..8138981f0d 100644 --- a/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json +++ b/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6078c6bd-00b5-4a34-9723-c340f358660b", + "id": "bundle--3b4bf418-fc56-4ba4-a6b6-c107d1345ac5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json b/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json index 4242079a09..840fe05309 100644 --- a/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json +++ b/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--74b6f9b0-6af3-4704-8671-3257c5ea09a6", + "id": "bundle--4f2d91de-fb9c-43d9-9221-f4c9f429a308", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json b/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json index b58be244be..6242a5acd9 100644 --- a/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json +++ b/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c6ddba58-7afd-480b-88b1-1a878609ca66", + "id": "bundle--0aff281e-e4a8-482a-be80-b0440c6a3bd0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json b/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json index aba36e649e..556dd44db6 100644 --- a/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json +++ b/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b9997447-5351-424f-8947-9e7954b8f4ea", + "id": "bundle--6b3b41e3-400d-490e-839e-3a36efcca0ef", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json b/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json index a06c893866..cdaba2cad0 100644 --- a/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json +++ b/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--eebaa7ee-9c9c-4339-8734-f4f983e6f541", + "id": "bundle--44bd655b-4da3-4d2d-8844-5b8de5d746b2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json b/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json index 86086fe047..71882fa7bb 100644 --- a/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json +++ b/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--eec5dac5-df09-4583-8f5c-eb4ddf6ae5d2", + "id": "bundle--bceddeee-1c6e-4546-8ae2-2d89959e2479", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json b/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json index e813d1121d..94f2272fae 100644 --- a/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json +++ b/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d8da900f-f9e2-4873-a301-a06444d6b417", + "id": "bundle--2a951f5e-16ef-4247-b073-422c875a6f70", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json b/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json index 16eb06471c..9cc1fa4c8e 100644 
--- a/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json +++ b/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b2d690ab-559c-4516-b407-6c4e4e469a82", + "id": "bundle--e5cf1c17-28be-4bf4-b5c0-c84fb1e3c9dc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json b/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json index 37353fc4e2..658eda912d 100644 --- a/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json +++ b/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bbcb490c-35d4-4042-9929-3e95a47724bc", + "id": "bundle--522f0063-406c-4372-b9d6-7202896feec3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json b/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json index 9a0d4d6826..8d9402eedb 100644 --- a/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json +++ b/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--870776a5-e731-4dc9-803c-1afd87198a98", + "id": "bundle--2477a3e4-08d6-4878-982c-21f52dbbc1f3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json b/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json index b909f20b55..f6cde7959f 100644 --- a/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json +++ b/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7cd8ab5c-1573-4161-839d-5a2cf7ddb912", + "id": "bundle--bb3bc2ed-4d1c-48bc-a73e-f7b28382aea9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json b/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json index c13cd247c2..9893854148 100644 --- a/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json +++ b/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--161735d8-41d2-4121-a5ec-da421306c01f", + "id": "bundle--4cfe2f18-3585-468b-bc5a-d25bfb8b0e79", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json b/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json index d9514a2991..048d461bdd 100644 --- a/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json +++ b/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--820f5bf2-4a04-43b1-846f-7181d1124bfd", + "id": "bundle--3277a53f-7896-4780-b8a3-c4c5c3489565", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json b/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json index 0a0a51f7bb..26c15a9aca 100644 --- a/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json +++ b/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--550f8fb3-d020-4cca-a492-7d7aaa1173a7", + "id": "bundle--6fcd3ab9-73c3-4d5c-83f8-491c374506be", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json b/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json index 14614c5c34..033289427f 100644 --- a/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json +++ b/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5db587bc-7c46-493b-9add-7d7c774e01e5", + "id": "bundle--490c8867-bbab-4844-b272-bce2b17c348d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json b/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json index 327f24b2c5..e1056f85d0 100644 --- a/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json +++ b/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2813d0a5-1ca5-4c29-8856-bb1a356aa9d3", + "id": "bundle--fe5a5293-ab2b-4cbc-9702-7753ae35a295", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json b/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json index 957b4e301c..bb8c014b6e 100644 --- a/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json +++ b/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e4841b55-b338-4098-a2f3-231dfddea7a6", + "id": "bundle--7b64ebda-4eea-4a37-806d-6bdda88a16b7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json b/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json index 4f9684c901..cf23924af4 100644 
--- a/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json +++ b/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2128ba26-6afc-4e63-a914-7d7e34c69ef9", + "id": "bundle--e149d90e-6a8f-4f9b-bfaf-c0ff64027219", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json b/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json index f5b9a34dab..6de3cb3035 100644 --- a/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json +++ b/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9067bbb6-4e69-4044-aeb4-7fea776bc3ae", + "id": "bundle--e45ccd83-7c72-4a58-a875-86d9fe1a3549", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json b/mobile-attack/relationship/relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json new file mode 100644 index 0000000000..ccce47dc8e --- /dev/null +++ b/mobile-attack/relationship/relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--23036bf6-5af2-4aac-9896-69d797cd1500",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4",
+ "created": "2022-09-29T21:22:06.716Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Cylance Dust Storm",
+ "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.",
+ "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2022-09-30T18:45:10.156Z",
+ "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors to continually forward all SMS messages and call information back to their C2 servers.(Citation: Cylance Dust Storm)",
+ "relationship_type": "uses",
+ "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f",
+ "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json b/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json
index a8c2cd30a3..e0070d9f22 100644
--- a/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json
+++ b/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json
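Review bot: In the new file `relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json`, the `description` names two collected data types, "all SMS messages and call information", but the object has a single `target_ref` (`attack-pattern--c6421411-ae61-42bb-9098-73fddb315002`). Tools that derive technique coverage for a campaign from its `uses` edges will see only that one technique for this behaviour. Which technique the id resolves to is not visible in this hunk; if it covers SMS collection only, the call-information part needs its own relationship from `campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f`, unless one is already added elsewhere in this commit. Otherwise I would narrow the description to the behaviour the target technique actually covers, so the text and the edge agree.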
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--02b25e8d-e902-4be6-b311-e934c9114039", + "id": "bundle--439a1030-12a5-412c-bc93-e9c0bd9b80ce", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json b/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json index 1f5c02d17a..8d402c0ef5 100644 --- a/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json +++ b/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--abb45ced-f94e-4238-9456-75bfd2f36aaa", + "id": "bundle--f31b67b3-06ec-4327-aa87-60a5ffeaeeed", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json b/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json index 6fbfc8360c..4c04cc7bc9 100644 --- a/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json +++ b/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b02c0131-7ca3-4b9d-bd5b-9c16b75933fb", + "id": "bundle--431ac6e9-f3dd-4a12-acef-38477174b91a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json b/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json index 7faf11e56a..101e058f20 100644 --- a/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json +++ b/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ed6b55fb-a8df-4bef-ab49-9d8fe2037ac5", + "id": "bundle--c8cb3deb-27ab-44d0-a8f1-e6ee160873f6", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json b/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json index 1f86519202..bf536c1a51 100644 --- a/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json +++ b/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dfcfc8f3-066a-446d-8889-3c8c2c4fdb91", + "id": "bundle--00604f89-bba6-41d2-abd3-0b76936ce71e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json b/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json index 293bef47e0..9da52db996 100644 --- a/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json +++ b/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f05fefbd-88d1-4dbf-8b41-30ca64c2c92e", + "id": "bundle--f5bac46e-be31-42b0-8952-c08581d3dedf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json b/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json index fe44c9f298..c53670836c 100644 --- a/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json +++ b/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--20356271-f835-41a2-81e5-4bfb0d8df462", + "id": "bundle--7774be23-57b6-4275-b501-4ab317b55acf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json b/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json index 1f68504f6e..3450966210 100644 
--- a/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json +++ b/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cf6ad6bf-f84d-4375-9506-5f625e1676f0", + "id": "bundle--7b134248-0b7c-4d99-a087-467183c9ee56", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json b/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json index e3dc271cca..81618c1f82 100644 --- a/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json +++ b/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9df78532-6de3-42af-8d17-449294f73dd8", + "id": "bundle--8714ebf7-7015-4cd1-93f7-1b82051156ef", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json b/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json index 2faa07c231..54859b523a 100644 --- a/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json +++ b/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4b36841e-09b1-46c1-86c2-b6159f4c154c", + "id": "bundle--d6968e92-4b45-4876-aaf3-e6c1db1ebb7d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json b/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json index 916bd1f646..cdc060433f 100644 --- a/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json +++ b/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--beb2c176-36c7-4167-9016-fda027ca46f3", + "id": "bundle--adf54853-119c-4d8b-b916-72d172e8cedf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json b/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json index 076e542ea5..db65520d24 100644 --- a/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json +++ b/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e3a0076a-9093-4463-9d36-411c4bd46f7d", + "id": "bundle--b9fd5776-09d6-4c25-a09f-b8664b2120f8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json b/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json index fbe601d2e4..77f4e01eac 100644 --- a/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json +++ b/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d1ae2fb8-5724-4c65-949b-6f05f2077506", + "id": "bundle--2059ac07-a38f-41b8-9bf7-ef522b8cc194", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json b/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json index 405c28f76d..c74831c31c 100644 --- a/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json +++ b/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6045daa6-823e-479f-bdc8-9d52de044f2a", + "id": "bundle--ced00cd3-d48a-4814-bbd3-8283c6e9651c", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json b/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json index cbb7548df2..0151f2a559 100644 --- a/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json +++ b/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c59e6d3e-313f-4836-b690-6e04233a82c1", + "id": "bundle--144aa323-7be0-4cc5-860f-5b86b2d4c8c5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json b/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json index 24a606d3de..324868afe3 100644 --- a/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json +++ b/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--30da86ae-9e55-45c0-b438-53a6b2ac252d", + "id": "bundle--7d80dcec-7654-43b4-9f87-3399b4b4cba1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json b/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json index f21f9e153d..730bcd05e2 100644 --- a/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json +++ b/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c5718d50-e76a-4d17-a723-afdcbc5eb2bb", + "id": "bundle--8c5a4d30-d590-418d-9632-f5be2a66d1b5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json b/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json index 2fd3a089b3..4e9e00103d 100644 
--- a/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json +++ b/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fd7ed420-684b-4861-bed0-7184711ee884", + "id": "bundle--427b9d95-5078-4c78-a651-5e38dd86f19c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json b/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json index f882e48fc6..c565eff6fd 100644 --- a/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json +++ b/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4716a219-0222-4c4d-8197-6c16b5653ea8", + "id": "bundle--ab64ace1-09c8-419e-b6fe-2234c23b939d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json b/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json index 4dbccc9b44..6b6ab87751 100644 --- a/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json +++ b/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ab14e991-d4a2-4013-9dac-9b7e26468b2e", + "id": "bundle--81a53d92-3145-4a87-8f3a-fb88726a6a3b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json b/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json index 5bfa8f5ea8..8dad87f7e7 100644 --- a/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json +++ b/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e3378b71-d948-4413-bd3f-f1d4da1f101a", + "id": "bundle--4e2ac0b1-6d36-4582-a432-56ed9aa612d0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json b/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json index e183c34bcb..b09139f409 100644 --- a/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json +++ b/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d3c933a4-5508-43e8-9eb2-27da8b9c06bb", + "id": "bundle--47a02d6a-aae3-401f-9478-281ac5fee69e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json b/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json index 0f4914eebb..aed75aabfa 100644 --- a/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json +++ b/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f368ef46-efe4-41dd-a4b5-9e31edb1f93e", + "id": "bundle--8ba5dbdf-4094-48c1-8cd5-01483c3246e8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json b/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json index 8a324d3f49..d77a0d3ea0 100644 --- a/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json +++ b/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9b87c1ac-e10b-4265-af32-6d937bf6cd1c", + "id": "bundle--9d56b2e5-482e-4004-927f-e44ce7fb3f89", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json b/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json index 0063581a71..b0f9047152 100644 --- a/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json +++ b/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--293eaaf2-cf2f-41d3-ac3a-2fef97827375", + "id": "bundle--13c82f3a-bb36-442c-84e5-bc4c9fde68fb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json b/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json index ec44bd88f2..e4eec55395 100644 --- a/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json +++ b/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8fe30429-8816-4540-a316-60dfb2276a26", + "id": "bundle--daf72052-c8ac-49b8-a910-cb5ec96de1d8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json b/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json index 5276d99caa..e5a59b33e8 100644 --- a/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json +++ b/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1a94f040-5b3f-4f32-bf33-1792f1ca7091", + "id": "bundle--0f4c502e-51bd-4f55-ab61-44274a7e69cc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json b/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json index 0cab2b1640..a25ba67f7d 100644 
--- a/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json +++ b/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ef266e93-426b-4ddb-aff5-80086f809c8b", + "id": "bundle--52fbe9e8-f9a3-48d0-8cb7-8cfcf8bf734d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json b/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json index 0fe4a01ce3..c2e0d80064 100644 --- a/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json +++ b/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d082c8a7-6e10-4b29-a03b-920cac4d2cea", + "id": "bundle--a98aaf51-192f-4d31-9831-28ff7f2709ce", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fb1fe91d-0997-4403-b2a6-88400f174791.json b/mobile-attack/relationship/relationship--fb1fe91d-0997-4403-b2a6-88400f174791.json index 2de69bc9eb..1d56a9caad 100644 --- a/mobile-attack/relationship/relationship--fb1fe91d-0997-4403-b2a6-88400f174791.json +++ b/mobile-attack/relationship/relationship--fb1fe91d-0997-4403-b2a6-88400f174791.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cc0aa3d3-8b2a-4a46-ac6c-2058ed797593", + "id": "bundle--d2b6d3af-00d1-4a48-bab8-fc71d1a0bdbc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json b/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json index 5e2689cb57..a3eabd2388 100644 --- a/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json +++ b/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4d9939a4-ef8c-4679-81f2-3981411a69f7", + "id": "bundle--2c6b0d9a-6826-477b-9092-e47c8dcf4213", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json b/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json index 972a32534c..f3ef3fe775 100644 --- a/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json +++ b/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--688d39d6-a4e4-46a1-8b16-974a4b33d413", + "id": "bundle--44e50b19-c9cf-4a79-bc0a-720e336e1d7e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json b/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json index 537a0e058e..e4a98bcb11 100644 --- a/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json +++ b/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--39dd178b-d29d-4e86-a1a9-d3aee78e595c", + "id": "bundle--6619cff8-d4c5-4e55-a010-ced6b301cc00", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json b/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json index 7c86abb893..1b4bf7994d 100644 --- a/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json +++ b/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9d529aed-d5ec-41b0-917d-ca5861e20ff3", + "id": "bundle--5b280b5a-df66-42a9-968f-9b8d96886509", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json b/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json index 791191d399..a87d3d5f72 100644 --- a/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json +++ b/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0edab79d-caba-4b18-ab2f-eb7f032f9fde", + "id": "bundle--3ef3b780-2dfd-45d8-84b3-ee07e0be766b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json b/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json index c588e89ec6..1bf9606141 100644 --- a/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json +++ b/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--18bd771a-441d-4273-9ad1-e19a9d55d83b", + "id": "bundle--3863bc9e-023b-431b-ad14-eb6a4fac9892", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json b/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json index d613c7f5e6..db0881594f 100644 --- a/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json +++ b/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a7624c9a-4dba-4d61-8738-11c69bd883c6", + "id": "bundle--566c9066-1913-4117-9d4f-b51dd844a043", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fbd2d4f7-96ff-4624-a567-d4882f0c10ca.json b/mobile-attack/relationship/relationship--fbd2d4f7-96ff-4624-a567-d4882f0c10ca.json index 7f8657ba82..d3c48268c3 100644 
--- a/mobile-attack/relationship/relationship--fbd2d4f7-96ff-4624-a567-d4882f0c10ca.json +++ b/mobile-attack/relationship/relationship--fbd2d4f7-96ff-4624-a567-d4882f0c10ca.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4878168a-24f5-469e-9d34-b163f7bb2889", + "id": "bundle--412cfb48-f646-412b-9ea8-c4f42a4e5869", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json b/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json index 880763bc53..95d84fb78e 100644 --- a/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json +++ b/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--664548fb-3aef-403d-b810-cf43b79e8ea2", + "id": "bundle--a4d4866d-69d4-4d60-b962-8a07926649c3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json b/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json index c60e9c0cda..f2e259edd7 100644 --- a/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json +++ b/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4d4b4a6f-5d05-4a4c-a0bb-50a0b7c017c8", + "id": "bundle--c0fe22b2-48c7-45bc-90ac-604f58e5b5c9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json b/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json index efa276317c..d6616da3f1 100644 --- a/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json +++ b/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0f045012-54ba-4a75-be4f-2483cde9e6f2", + "id": "bundle--c7dcb31c-db98-4024-8a77-ffa288c9fa42", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json b/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json index f5c2a86323..448dc6fcdc 100644 --- a/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json +++ b/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d86ba872-bd38-40f6-acdc-e2b0c46803e3", + "id": "bundle--d08c55af-f609-424a-acb6-0736fb7330a8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json b/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json index 766d51cbab..cb834fb906 100644 --- a/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json +++ b/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a9513cee-7ee7-46e6-b2d9-8d4af8384288", + "id": "bundle--32103678-75a6-400b-a0b0-c609980ba0d9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json b/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json index a0740425da..aefc139edd 100644 --- a/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json +++ b/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--40d59115-e913-4afd-bbad-8e93e8ba0488", + "id": "bundle--71f19531-efc4-42fd-970a-03027343c206", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json b/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json index bdbf770f13..7f3e0c8ba2 100644 --- a/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json +++ b/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b5c32c21-557d-4afb-b8ae-9de5586b9ec3", + "id": "bundle--369ca9c1-dc07-4815-a920-a481ce6d6efc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json b/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json index 7324a28af7..2b651b3bc8 100644 --- a/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json +++ b/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--72421845-2d22-490f-95ad-e27b48a7d10d", + "id": "bundle--852ac1b4-90d6-44a5-9346-ea7c2a976058", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json b/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json index 3775926fc6..df4f492dec 100644 --- a/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json +++ b/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e1c1d92d-f6bf-42e8-b64f-a36a8ae9b38a", + "id": "bundle--a7e89b75-af1f-45a0-97ba-725dd3385218", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json b/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json index ca693756d0..ac14554263 100644 
--- a/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json +++ b/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0b9523b9-0d2b-4be4-8de8-a352f9224406", + "id": "bundle--b7520df7-b12a-495b-8666-c341215165c4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json b/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json index ea08a85974..0efc32cdef 100644 --- a/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json +++ b/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ddf175d8-733b-4e37-9bff-c47903623e39", + "id": "bundle--7d901b01-68f6-4457-8d8e-5ba76f341a87", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json b/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json index ce6ff77607..21d7f379ae 100644 --- a/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json +++ b/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e7bdbef6-8f2d-43ab-af14-bdc218534fc2", + "id": "bundle--0e2998c3-a578-46fd-9fd5-724e8338c265", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json b/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json index f66ba3c5db..3333d6f201 100644 --- a/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json +++ b/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c28f17fb-0438-44e8-ab2c-8ac0e8bc2dbb", + "id": "bundle--5152624a-cfac-43f5-93c4-a43ba5277cba", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json b/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json index d1ae2a40ff..ceb97aa9e9 100644 --- a/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json +++ b/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a4732315-7f04-429b-a5ea-1d1914fe1fcd", + "id": "bundle--c4edf813-6b62-4e19-97b6-a637162e4695", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json b/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json index fb6efa5121..874bb104b5 100644 --- a/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json +++ b/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--aa919233-73d4-4a6e-906b-427c35e2e7e8", + "id": "bundle--4f44722d-e360-4fe0-becb-5affbf56074c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json b/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json index f1b9925bd6..7a18bab9e0 100644 --- a/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json +++ b/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ece283f4-a677-45c5-9b39-7a60329c325a", + "id": "bundle--a464686e-ab2e-476a-8f63-1ec058104d39", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json b/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json index e5c3150b4d..363404931a 100644 --- a/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json +++ b/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--917dd122-c31b-40fe-a316-352e6363d2e6", + "id": "bundle--4e4f14c5-7f73-443d-899d-d48e2066084a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json b/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json index 45ea0d3602..dc77fb8b71 100644 --- a/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json +++ b/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json 
@@ -1,25 +1,28 @@
 {
 "type": "bundle",
- "id": "bundle--0c01c2aa-cea2-49b8-b968-6c0765d681d3",
+ "id": "bundle--95d48799-dc6f-4e92-ad4c-e1d13cf551fa",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2022-10-24T15:09:07.609Z",
+ "name": "Xbot",
+ "description": "[Xbot](https://attack.mitre.org/software/S0298) is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia. (Citation: PaloAlto-Xbot)",
 "labels": [
 "tool"
 ],
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_domains": [
 "mobile-attack"
 ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4",
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0",
 "type": "tool",
+ "id": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4",
 "created": "2017-10-25T14:48:48.609Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "mitre-mobile-attack",
+ "source_name": "mitre-attack",
 "url": "https://attack.mitre.org/software/S0298",
 "external_id": "S0298"
 },
@@ -33,12 +36,9 @@
 "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/"
 }
 ],
- "modified": "2018-12-11T20:40:31.461Z",
- "name": "Xbot",
- "description": "[Xbot](https://attack.mitre.org/software/S0298) is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia. (Citation: PaloAlto-Xbot)",
- "x_mitre_version": "1.0",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ]
 }
 ]
 }
\ No newline at end of file
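Review bot: The first `external_references` entry of the Xbot object changes `"source_name": "mitre-mobile-attack"` to `"source_name": "mitre-attack"`, so a consumer that finds the ATT&CK ID (`S0298`) by matching the old source name will silently stop resolving this object. If the rename is intended, the commit description or release notes should say so, so that detection-mapping and coverage tooling can accept both values during the transition; if it is not, the line should stay `"source_name": "mitre-mobile-attack",`. Separately, `modified` moves to `2022-10-24T15:09:07.609Z` while `x_mitre_version` remains `"1.0"` and the name and description are only reordered, so change detection keyed on `modified` will probably report an update with no visible content change.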
diff --git a/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json b/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json index 89a33fd494..d83775ddf1 100644 --- a/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json +++ b/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9913aa0c-36dd-4515-a99b-8cdde0d07205", + "id": "bundle--20c87b1b-154a-4936-946c-1684b642b1bf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json b/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json index cb191ec66b..a7da5f4adf 100644 --- a/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json +++ b/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5dfd0b99-5e35-4a5c-ba31-11b9cdac718f", + "id": "bundle--542fbb28-677c-45ff-8642-4fe2ebdc993e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json index e063a85b7b..414de07b01 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5fbee10b-cbbb-4b40-8f1f-02ad5dac8ce8", + "id": "bundle--663389f7-a210-47c7-9b6c-9b8c60743a1e", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json index 38bf75931d..9ace857884 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7a072182-d189-429a-8976-9a587fd5cea8", + "id": "bundle--c1e65552-a54c-4aa3-bb24-a0c4bf4eb759", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json index 4e3923c43a..92c59e089f 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4c36589b-7f2f-438f-ade2-9a95f3b66ed5", + "id": "bundle--462f0ef5-9a2c-414d-9ea4-2b5bf9b15f18", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json index 81387642c3..9653ef5de9 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--01f744ee-e629-4dc1-bef7-c03c0f6afabb", + "id": "bundle--c1ba1d4e-2434-4093-983d-f973b4a97824", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json index f40f262548..fa0d040c41 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--eb220e26-c328-43e6-99d5-068be0783809", + "id": "bundle--6e7b093a-444a-4e08-8fef-0153ee376ad5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json index 2d957a7bde..2792c63bb2 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4ff79d1a-e3fe-43aa-becf-d878682c0302", + "id": "bundle--663f1ce0-ec69-4db5-8516-0c66b2da8b1d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json index 4a8f68d920..4c1720a3b2 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--58658792-b53d-4441-a00c-c8e17ab1ddbe", + "id": "bundle--5ac35650-e85a-48ec-a4d9-47f61587eb50", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json index 4f4c71625e..427098e305 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--de863df8-a277-4f1e-adf7-845dd803204c", + "id": "bundle--12c26deb-e84b-463d-a416-42dd52ae155f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json index e78b1064d5..41badf6128 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6b6ad53a-98c5-4564-b3d8-a279c82d6852", + "id": "bundle--e451f386-37cb-4020-a2ac-40b567f1e1b5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json index 3a92de85cd..cb357f9d74 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--28fe9ce0-6dc8-465c-a9ea-7d0e92964a2d", + "id": "bundle--03921816-2991-4118-b203-d72ad4b73b8a", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json index cf0d37e15d..cf89a53e58 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--233f08f7-78f1-44e2-afb4-d032c2064b16", + "id": "bundle--ec61b709-6f2f-4059-99a1-1cabacfccd22", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json index 81a34826de..fa4273a9f9 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--009d3a88-cfb8-487e-964a-5360f5d2ed95", + "id": "bundle--f18239f8-0441-437f-b69c-1291e4395bf1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json index 004d9db690..4d6f7fcf02 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a9d89d9d-14a4-4805-8270-48c1c851489d", + "id": "bundle--00b42b29-3162-4c21-b681-e9e170dd9757", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json index 3ea91b1634..61e4995a4b 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--03e36605-9d59-4ec8-afe2-0ef96044f6a0", + "id": "bundle--67f152eb-cde4-446c-884f-8650b8f05559", "spec_version": "2.0", "objects": [ {