ceios/database/IRA 2016 FaceMusic Malware/FaceMusic Malware Skeleton.json
2024-09-16 15:58:15 +09:30


{
"type": "bundle",
"id": "bundle--109cef74-72b4-4362-a84e-1f6f9bcf2b42",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.128Z",
"modified": "2024-09-05T06:55:56.128Z",
"objects": [
{
"type": "extension-definition",
"id": "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4",
"spec_version": "2.1",
"created": "2022-08-02T19:34:35.143Z",
"modified": "2022-08-02T19:34:35.143Z",
"name": "Attack Flow",
"description": "Extends STIX 2.1 with features to create Attack Flows.",
"created_by_ref": "identity--fb9c968a-745b-4ade-9b25-c324172197f4",
"schema": "https://center-for-threat-informed-defense.github.io/attack-flow/stix/attack-flow-schema-2.0.0.json",
"version": "2.0.0",
"extension_types": [
"new-sdo"
],
"external_references": [
{
"source_name": "Documentation",
"description": "Documentation for Attack Flow",
"url": "https://center-for-threat-informed-defense.github.io/attack-flow"
},
{
"source_name": "GitHub",
"description": "Source code repository for Attack Flow",
"url": "https://github.com/center-for-threat-informed-defense/attack-flow"
}
]
},
{
"type": "identity",
"id": "identity--fb9c968a-745b-4ade-9b25-c324172197f4",
"spec_version": "2.1",
"created": "2022-08-02T19:34:35.143Z",
"modified": "2022-08-02T19:34:35.143Z",
"created_by_ref": "identity--fb9c968a-745b-4ade-9b25-c324172197f4",
"name": "MITRE Engenuity Center for Threat-Informed Defense",
"identity_class": "organization"
},
{
"type": "attack-flow",
"id": "attack-flow--aa13f359-e745-41a0-b200-bf30de63253d",
"spec_version": "2.1",
"created": "2024-06-24T15:08:11.074Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"created_by_ref": "identity--6eb3c68f-a7d6-4822-9d7a-0a7806a21cb0",
"start_refs": [
"attack-action--bf852db6-da70-48c6-a641-f0579cf3da07",
"attack-action--c7eeeec4-d878-4909-8dae-e1ff6079c37e",
"attack-action--4a928ea6-8165-4a99-8f9f-72c7ea3247b8",
"attack-action--58f5ca11-87ac-4a47-b87c-03a8986065ad",
"attack-action--97c6550f-8b32-4e20-b854-09a515267cd1",
"attack-action--9eb4c7e4-9606-4c6f-8c40-374d828dfa2a"
],
"name": "FaceMusic Malware Skeleton",
"scope": "incident"
},
{
"type": "identity",
"id": "identity--6eb3c68f-a7d6-4822-9d7a-0a7806a21cb0",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.128Z",
"modified": "2024-09-05T06:55:56.128Z",
"name": "Jim Morris"
},
{
"type": "attack-action",
"id": "attack-action--bf852db6-da70-48c6-a641-f0579cf3da07",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Search Open Websites/Domains: Social Media",
"tactic_id": "TA0043",
"tactic_ref": "x-mitre-tactic--daa4cbb1-b4f4-4723-a824-7f1efd6e0592",
"technique_id": "T1593.001",
"technique_ref": "attack-pattern--bbe5b322-e2af-4a5e-9625-a4e62bf84ed3",
"effect_refs": [
"attack-action--035271b6-c2d3-4d0a-8afa-84b89c3ca6bc",
"attack-action--aa3541b8-5e25-4743-a9f7-52fbbfc465e2",
"attack-action--e91f859f-bffe-4a76-a7d6-ed8bc34d2545"
]
},
{
"type": "attack-action",
"id": "attack-action--aa3541b8-5e25-4743-a9f7-52fbbfc465e2",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Establish Accounts: Social Media Accounts",
"tactic_id": "TA0042",
"tactic_ref": "x-mitre-tactic--d679bca2-e57d-4935-8650-8031c87a4400",
"technique_id": "T1585.001",
"technique_ref": "attack-pattern--b1ccd744-3f78-4a0e-9bb2-2002057f7928",
"effect_refs": [
"attack-action--035271b6-c2d3-4d0a-8afa-84b89c3ca6bc"
]
},
{
"type": "attack-action",
"id": "attack-action--c7eeeec4-d878-4909-8dae-e1ff6079c37e",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Develop Capabilities: Malware",
"tactic_id": "TA0042",
"tactic_ref": "x-mitre-tactic--d679bca2-e57d-4935-8650-8031c87a4400",
"technique_id": "T1587.001",
"technique_ref": "attack-pattern--212306d8-efa4-44c9-8c2d-ed3d2e224aa0",
"effect_refs": [
"attack-action--6fc41abf-e6bf-4327-9a34-3cc2c8e4a76c"
]
},
{
"type": "attack-action",
"id": "attack-action--b21d03be-19e7-456c-b4a4-18f503bdf91b",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Compromise Accounts: Social Media Accounts",
"tactic_id": "TA0042",
"tactic_ref": "x-mitre-tactic--d679bca2-e57d-4935-8650-8031c87a4400",
"technique_id": "T1586.001",
"technique_ref": "attack-pattern--274770e0-2612-4ccf-a678-ef8e7bad365d",
"effect_refs": [
"attack-action--035271b6-c2d3-4d0a-8afa-84b89c3ca6bc"
]
},
{
"type": "attack-action",
"id": "attack-action--724af0b4-e1e4-4eb8-b27c-9a82e2f00373",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Compromise Infrastructure: Botnet",
"tactic_id": "TA0042",
"tactic_ref": "x-mitre-tactic--d679bca2-e57d-4935-8650-8031c87a4400",
"technique_id": "T1584.005",
"technique_ref": "attack-pattern--810d8072-afb6-4a56-9ee7-86379ac4a6f3",
"effect_refs": [
"attack-action--b21d03be-19e7-456c-b4a4-18f503bdf91b",
"attack-action--36909774-ba84-4574-b51e-97ec000f57b3",
"attack-action--d908bc6c-d245-47ed-bcef-9b437b7588b8"
]
},
{
"type": "attack-action",
"id": "attack-action--6fc41abf-e6bf-4327-9a34-3cc2c8e4a76c",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Stage Capabilities: Upload Malware",
"tactic_id": "TA0042",
"tactic_ref": "x-mitre-tactic--d679bca2-e57d-4935-8650-8031c87a4400",
"technique_id": "T1608.001",
"technique_ref": "attack-pattern--3ee16395-03f0-4690-a32e-69ce9ada0f9e",
"effect_refs": [
"attack-action--035271b6-c2d3-4d0a-8afa-84b89c3ca6bc"
]
},
{
"type": "attack-action",
"id": "attack-action--36909774-ba84-4574-b51e-97ec000f57b3",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Scheduled Task/Job",
"tactic_id": "TA0002",
"tactic_ref": "x-mitre-tactic--4ca45d45-df4d-4613-8980-bac22d278fa5",
"technique_id": "T1053",
"technique_ref": "attack-pattern--35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"effect_refs": [
"attack-action--a128830e-4f25-486c-a974-851f20148f1f",
"attack-action--34740e5a-711e-41c0-9bf9-9eebd109c2f5",
"attack-action--e94f2fa4-a946-4842-be9d-2ac8a55cd0ae"
]
},
{
"type": "attack-action",
"id": "attack-action--035271b6-c2d3-4d0a-8afa-84b89c3ca6bc",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Drive-by Compromise",
"tactic_id": "TA0001",
"tactic_ref": "x-mitre-tactic--ffd5bcee-6e16-4dd2-8eca-7b3beedf33ca",
"technique_id": "T1189",
"technique_ref": "attack-pattern--d742a578-d70e-4d0e-96a6-02a9c30204e6",
"effect_refs": [
"attack-action--724af0b4-e1e4-4eb8-b27c-9a82e2f00373",
"attack-action--34740e5a-711e-41c0-9bf9-9eebd109c2f5"
]
},
{
"type": "attack-action",
"id": "attack-action--34740e5a-711e-41c0-9bf9-9eebd109c2f5",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Browser Extensions",
"tactic_id": "TA0003",
"tactic_ref": "x-mitre-tactic--5bc1d813-693e-4823-9961-abf9af4b0e92",
"technique_id": "T1176",
"technique_ref": "attack-pattern--389735f1-f21c-4208-b8f0-f8031e7169b8",
"effect_refs": [
"attack-action--e8b88f99-61ea-4c2e-96bb-1589e145e46a"
]
},
{
"type": "attack-action",
"id": "attack-action--a128830e-4f25-486c-a974-851f20148f1f",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Scheduled Task/Job",
"tactic_id": "TA0003",
"tactic_ref": "x-mitre-tactic--5bc1d813-693e-4823-9961-abf9af4b0e92",
"technique_id": "T1053",
"technique_ref": "attack-pattern--35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"effect_refs": [
"attack-action--e8b88f99-61ea-4c2e-96bb-1589e145e46a"
]
},
{
"type": "attack-action",
"id": "attack-action--b80fa8a2-9588-4fcc-8100-36b377bb9e00",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Divide",
"tactic_id": "TA02",
"technique_id": "T0079"
},
{
"type": "attack-action",
"id": "attack-action--4a928ea6-8165-4a99-8f9f-72c7ea3247b8",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Determine Strategic Ends",
"tactic_id": "TA01",
"technique_id": "T0074",
"effect_refs": [
"attack-action--b80fa8a2-9588-4fcc-8100-36b377bb9e00",
"attack-action--9ca8275f-d019-448a-8289-045a233e62a4",
"attack-action--e91f859f-bffe-4a76-a7d6-ed8bc34d2545",
"attack-action--dd155896-be40-4941-9a35-aca3d93495f0"
]
},
{
"type": "attack-action",
"id": "attack-action--9ca8275f-d019-448a-8289-045a233e62a4",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Distract",
"tactic_id": "TA02",
"technique_id": "T0077"
},
{
"type": "attack-action",
"id": "attack-action--4eb0fa83-73af-4236-af00-cf95bea4b0ef",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Leverage Existing Narratives",
"tactic_id": "TA14",
"technique_id": "T0003",
"effect_refs": [
"attack-action--a691b9b9-0fbd-4987-ab37-850ef7c58963",
"attack-operator--830ccd5d-a141-447e-a4d3-3167fd1ad6da"
]
},
{
"type": "attack-action",
"id": "attack-action--a691b9b9-0fbd-4987-ab37-850ef7c58963",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Generate Information Pollution",
"tactic_id": "TA06",
"technique_id": "T0019"
},
{
"type": "attack-action",
"id": "attack-action--dd155896-be40-4941-9a35-aca3d93495f0",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Segment Audiences: Political Segmentation",
"tactic_id": "TA13",
"technique_id": "T0072.005"
},
{
"type": "attack-action",
"id": "attack-action--8578d49e-3b36-4ae8-b370-8999d1f27ee8",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Respond to Breaking News Event or Active Crisis",
"tactic_id": "TA14",
"technique_id": "T0068",
"effect_refs": [
"attack-action--a691b9b9-0fbd-4987-ab37-850ef7c58963",
"attack-operator--830ccd5d-a141-447e-a4d3-3167fd1ad6da"
]
},
{
"type": "attack-action",
"id": "attack-action--9cdc6539-f4f9-40fd-944c-2a0fec470859",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Integrate Target Audience Vulnerabilities into Narrative",
"tactic_id": "TA14",
"technique_id": "T0083",
"effect_refs": [
"attack-action--a691b9b9-0fbd-4987-ab37-850ef7c58963",
"attack-operator--830ccd5d-a141-447e-a4d3-3167fd1ad6da"
]
},
{
"type": "attack-action",
"id": "attack-action--58f5ca11-87ac-4a47-b87c-03a8986065ad",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Create Inauthentic Websites",
"tactic_id": "TA15",
"technique_id": "T0013",
"effect_refs": [
"attack-action--6fc41abf-e6bf-4327-9a34-3cc2c8e4a76c"
]
},
{
"type": "attack-action",
"id": "attack-action--97c6550f-8b32-4e20-b854-09a515267cd1",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Build Network: Create Community or Sub-group",
"tactic_id": "TA15",
"technique_id": "T0092.003",
"effect_refs": [
"attack-action--aa3541b8-5e25-4743-a9f7-52fbbfc465e2"
]
},
{
"type": "attack-action",
"id": "attack-action--d908bc6c-d245-47ed-bcef-9b437b7588b8",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Acquire/Recruit Network: Acquire Botnets",
"tactic_id": "TA15",
"technique_id": "T0093.002",
"effect_refs": [
"attack-action--36909774-ba84-4574-b51e-97ec000f57b3",
"attack-action--e94f2fa4-a946-4842-be9d-2ac8a55cd0ae"
]
},
{
"type": "attack-action",
"id": "attack-action--9eb4c7e4-9606-4c6f-8c40-374d828dfa2a",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Deliver Ads: Social Media",
"tactic_id": "TA09",
"technique_id": "T0114.001",
"effect_refs": [
"attack-action--035271b6-c2d3-4d0a-8afa-84b89c3ca6bc"
]
},
{
"type": "attack-action",
"id": "attack-action--e94f2fa4-a946-4842-be9d-2ac8a55cd0ae",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Flooding the Information Space: Bots Amplify via Automated Forwarding and Reposting",
"tactic_id": "TA17",
"technique_id": "T0049.003",
"effect_refs": [
"attack-action--e8b88f99-61ea-4c2e-96bb-1589e145e46a"
]
},
{
"type": "attack-action",
"id": "attack-action--e8b88f99-61ea-4c2e-96bb-1589e145e46a",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Continue to Amplify",
"tactic_id": "TA11",
"technique_id": "T0060",
"effect_refs": [
"attack-action--36909774-ba84-4574-b51e-97ec000f57b3"
]
},
{
"type": "attack-action",
"id": "attack-action--e91f859f-bffe-4a76-a7d6-ed8bc34d2545",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"name": "Determine Target Audiences",
"tactic_id": "TA01",
"technique_id": "T0073",
"effect_refs": [
"attack-action--dd155896-be40-4941-9a35-aca3d93495f0",
"attack-action--9cdc6539-f4f9-40fd-944c-2a0fec470859",
"attack-action--8578d49e-3b36-4ae8-b370-8999d1f27ee8",
"attack-action--4eb0fa83-73af-4236-af00-cf95bea4b0ef"
]
},
{
"type": "attack-operator",
"id": "attack-operator--830ccd5d-a141-447e-a4d3-3167fd1ad6da",
"spec_version": "2.1",
"created": "2024-09-05T06:55:56.129Z",
"modified": "2024-09-05T06:55:56.129Z",
"extensions": {
"extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": {
"extension_type": "new-sdo"
}
},
"operator": "AND",
"effect_refs": [
"attack-action--e94f2fa4-a946-4842-be9d-2ac8a55cd0ae",
"attack-action--aa3541b8-5e25-4743-a9f7-52fbbfc465e2"
]
}
]
}