v13.1 having Duplicated G0097 and S0302 spanning both [enterprise-attack and mobile-attack] Stix JSON files #43
Comments
These objects (G0097 and S0302) are both mobile objects and should only appear in the Mobile collection bundle. They are included in the Enterprise collection bundle because:
We'll review the bundle generation script and make a change so that these objects are not included in the Enterprise v15.0 collection bundle.
1.) In Release v13.1: "external_id": "G0097" -- appearing in both "x_mitre_domains": "mobile-attack" and "enterprise-attack"
mobile-attack-13.1.json
17685: "external_id": "G0097",
17687: "url": "https://attack.mitre.org/groups/G0097"
17697: "description": "Bouncing Golf is a cyberespionage campaign targeting Middle Eastern countries.(Citation: Trend Micro Bouncing Golf 2019)",
21073: "description": "GolfSpy is Android spyware deployed by the group Bouncing Golf.(Citation: Trend Micro Bouncing Golf 2019)",
59771: "description": "Bouncing Golf delivered GolfSpy via a hosted application binary advertised on social media.(Citation: Trend Micro Bouncing Golf 2019) ",
63828: "description": "Bouncing Golf distributed malware as repackaged legitimate applications, with the malicious code in the com.golf package.(Citation: Trend Micro Bouncing Golf 2019)"
enterprise-attack-13.1.json
692360: "external_id": "G0097",
692362: "url": "https://attack.mitre.org/groups/G0097"
692372: "description": "Bouncing Golf is a cyberespionage campaign targeting Middle Eastern countries.(Citation: Trend Micro Bouncing Golf 2019)",
2.) In Release v13.1: "external_id": "S0302" -- appearing in both "x_mitre_domains": "mobile-attack" and "enterprise-attack"
mobile-attack-13.1.json
19550: "description": "Twitoor is a dropper application capable of receiving commands from social media.(Citation: ESET-Twitoor)",
19570: "url": "https://attack.mitre.org/software/S0302",
19571: "external_id": "S0302"
38696: "description": "Twitoor can hide its presence on the system.(Citation: ESET-Twitoor)",
50166: "description": "Twitoor encrypts its C2 communication.(Citation: ESET-Twitoor)",
54579: "description": "Twitoor can be controlled via Twitter.(Citation: ESET-Twitoor)",
61597: "description": "Twitoor can install attacker-specified applications.(Citation: ESET-Twitoor)",
66798: "description": "Twitoor uses Twitter for command and control.(Citation: ESET-Twitoor)",
enterprise-attack-13.1.json
691943: "description": "Twitoor is a dropper application capable of receiving commands from social media.(Citation: ESET-Twitoor)",
691963: "url": "https://attack.mitre.org/software/S0302",
691964: "external_id": "S0302"
692181: "description": "Twitoor uses Twitter for command and control.(Citation: ESET-Twitoor)",