| id | |
| author | |
| creation date | |
| platform | |
| playbook link |
Roberto Rodriguez Cyb3rWard0g
🍻
Cyb3rWard0g
/ G0005-technique-relationship-example.json
Created
November 12, 2019 05:30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "type": "bundle", | |
| "id": "bundle--d8be14ca-02ac-49cf-b728-66b63b5eb4bb", | |
| "spec_version": "2.0", | |
| "objects": [ | |
| { | |
| "type": "relationship", | |
| "target_ref": "attack-pattern--830c9528-df21-472c-8c14-a036bf17d665", | |
| "description": "[APT12](https://attack.mitre.org/groups/G0005) has used blogs and WordPress for C2 infrastructure.", | |
| "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", |
Cyb3rWard0g
/ G0005-intrusion-set.json
Created
November 12, 2019 05:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "type": "bundle", | |
| "id": "bundle--ac829de4-ac51-48e3-b65d-bc969bdfed49", | |
| "spec_version": "2.0", | |
| "objects": [ | |
| { | |
| "aliases": [ | |
| "APT12", | |
| "IXESHE", | |
| "DynCalc", |
Cyb3rWard0g
/ G0005-attack-pattern.json
Created
November 12, 2019 05:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "type": "bundle", | |
| "id": "bundle--2326ab0e-9d63-4777-bc72-ededcd8ed07a", | |
| "spec_version": "2.0", | |
| "objects": [ | |
| { | |
| "x_mitre_permissions_required": [ | |
| "User" | |
| ], | |
| "x_mitre_data_sources": [ |
Cyb3rWard0g
/ G0096-relationship.json
Created
November 12, 2019 07:22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "type": "relationship", | |
| "id": "relationship--4d1d7045-4492-492c-9522-2885d6bd96f6", | |
| "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
| "created": "2019-09-24T13:01:20.471Z", | |
| "modified": "2019-09-24T13:01:20.472Z", | |
| "relationship_type": "uses", | |
| "source_ref": "intrusion-set--18854f55-ac7c-4634-bd9a-352dd07613b7", | |
| "target_ref": "malware--cfc75b0d-e579-40ae-ad07-a1ce00d49a6c", | |
| "external_references": [ |
Cyb3rWard0g
/ G0095-relationship.json
Created
November 12, 2019 15:36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "type": "relationship", | |
| "id": "relationship--0f880e99-efaa-4e85-91c3-cac3d81d6b9a", | |
| "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
| "created": "2019-10-15T22:28:40.394Z", | |
| "modified": "2019-10-15T22:28:40.394Z", | |
| "relationship_type": "uses", | |
| "description": "[Machete](https://attack.mitre.org/groups/G0095) has has relied on users opening malicious links or attachments delivered through spearphishing to execute malware.", | |
| "source_ref": "intrusion-set--38863958-a201-4ce1-9dbe-539b0b6804e0", | |
| "target_ref": "attack-pattern--8c32eb4d-805f-4fc5-bf60-c4d476c131b5", |
Cyb3rWard0g
/ G0096-technique-relationship.txt
Last active
November 12, 2019 17:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {'aliases': ['APT41'], | |
| 'type': 'intrusion-set', | |
| 'name': 'APT41', | |
| 'description': '[APT41](https://attack.mitre.org/groups/G0096) is a group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity. [APT41](https://attack.mitre.org/groups/G0096) has been active since as early as 2012. The group has been observed targeting healthcare, telecom, technology, and video game industries in 14 countries.(Citation: FireEye APT41 Aug 2019)', | |
| 'external_references': [{'external_id': 'G0096', | |
| 'source_name': 'mitre-attack', | |
| 'url': 'https://attack.mitre.org/groups/G0096'}, | |
| {'description': '(Citation: FireEye APT41 2019)', 'source_name': 'APT41'}, | |
| {'description': 'Fraser, N., et al. (2019, August 7). Double DragonAPT41, a dual espionage and cyber crime operation APT41. Retrieved September 23, 2019.', | |
| 'source_name': 'FireEye APT41 Aug 2019', |
Cyb3rWard0g
/ Navigator-Group-Layer-Template.json
Created
November 12, 2019 18:05
Cyb3rWard0g
/ Navigator-Group-Dynamic-layer-template.text
Last active
November 12, 2019 19:43
Cyb3rWard0g
/ threathunter_playbook_format.md
Last active
December 17, 2019 16:49
Cyb3rWard0g
/ WIN-190813181020.yaml
Created
December 17, 2019 16:53
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| title: Remote Service creation | |
| id: WIN-190815181010 | |
| author: Roberto Rodriguez @Cyb3rWard0g | |
| playbook_link: WIN-190813181020 | |
| creation_date: 19/08/15 | |
| platform: Windows | |
| permissions_required: | |
| - Administrator | |
| attack_coverage: | |
| - technique: T1035 |