v13.1 having Duplicated G0097 and S0302 spanning both [enterprise-attack and mobile-attack] Stix JSON files #43

Open
@DrSnowbird


1.) In Release v13.1: "external_id": "G0097" -- appearing in both "x_mitre_domains": "mobile-attack" and "enterprise-attack"

mobile-attack-13.1.json
17685: "external_id": "G0097",
17687: "url": "https://attack.mitre.org/groups/G0097"
17697: "description": "Bouncing Golf is a cyberespionage campaign targeting Middle Eastern countries.(Citation: Trend Micro Bouncing Golf 2019)",
21073: "description": "GolfSpy is Android spyware deployed by the group Bouncing Golf.(Citation: Trend Micro Bouncing Golf 2019)",
59771: "description": "Bouncing Golf delivered GolfSpy via a hosted application binary advertised on social media.(Citation: Trend Micro Bouncing Golf 2019) ",
63828: "description": "Bouncing Golf distributed malware as repackaged legitimate applications, with the malicious code in the com.golf package.(Citation: Trend Micro Bouncing Golf 2019)"

enterprise-attack-13.1.json
692360: "external_id": "G0097",
692362: "url": "https://attack.mitre.org/groups/G0097"
692372: "description": "Bouncing Golf is a cyberespionage campaign targeting Middle Eastern countries.(Citation: Trend Micro Bouncing Golf 2019)",

2.) In Release v13.1: "external_id": "S0302" -- appearing in both "x_mitre_domains": "mobile-attack" and "enterprise-attack"

mobile-attack-13.1.json
19550: "description": "Twitoor is a dropper application capable of receiving commands from social media.(Citation: ESET-Twitoor)",
19570: "url": "https://attack.mitre.org/software/S0302",
19571: "external_id": "S0302"
38696: "description": "Twitoor can hide its presence on the system.(Citation: ESET-Twitoor)",
50166: "description": "Twitoor encrypts its C2 communication.(Citation: ESET-Twitoor)",
54579: "description": "Twitoor can be controlled via Twitter.(Citation: ESET-Twitoor)",
61597: "description": "Twitoor can install attacker-specified applications.(Citation: ESET-Twitoor)",
66798: "description": "Twitoor uses Twitter for command and control.(Citation: ESET-Twitoor)",

enterprise-attack-13.1.json
691943: "description": "Twitoor is a dropper application capable of receiving commands from social media.(Citation: ESET-Twitoor)",
691963: "url": "https://attack.mitre.org/software/S0302",
691964: "external_id": "S0302"
692181: "description": "Twitoor uses Twitter for command and control.(Citation: ESET-Twitoor)",
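
Added example, not part of the original issue or the project's code: a Python check that a consumer loading both domain bundles could run to list ATT&CK IDs occurring in more than one bundle and whether each shares a single STIX `id` across them. The bundles, the STIX ids and the IDs S9998/S9999 are constructed placeholders, and matching on the `https://attack.mitre.org/` URL prefix is an assumption based on the excerpts above.

```python
import json
from collections import defaultdict
ATTACK_URL = "https://attack.mitre.org/"  # URL prefix seen in the issue's excerpts

def attack_ids(bundle_text):
    """Map ATT&CK external_id -> (STIX id, x_mitre_domains) for one bundle."""
    found = {}
    for obj in json.loads(bundle_text).get("objects", []):
        for ref in obj.get("external_references", []):
            if ref.get("url", "").startswith(ATTACK_URL) and "external_id" in ref:
                found[ref["external_id"]] = (obj["id"], obj.get("x_mitre_domains", []))
    return found

def cross_bundle_duplicates(bundles):
    """ATT&CK IDs present in more than one bundle, and whether the STIX id matches."""
    seen = defaultdict(dict)
    for name, text in bundles.items():
        for ext_id, (stix_id, domains) in attack_ids(text).items():
            seen[ext_id][name] = (stix_id, domains)
    report = {}
    for ext_id, per_bundle in seen.items():
        if len(per_bundle) > 1:
            report[ext_id] = {
                "bundles": sorted(per_bundle),
                "same_stix_id": len({s for s, _ in per_bundle.values()}) == 1,
                "domains": sorted({d for _, ds in per_bundle.values() for d in ds})}
    return report

def _obj(stix_type, n, ext_id, path, domains):  # constructed object, placeholder STIX id
    return {"type": stix_type, "id": f"{stix_type}--00000000-0000-4000-8000-{n:012d}",
            "x_mitre_domains": domains,
            "external_references": [{"external_id": ext_id, "url": ATTACK_URL + path + ext_id}]}

# Constructed stand-ins for the two release files; S9998/S9999 are placeholder IDs.
BOTH = ["enterprise-attack", "mobile-attack"]
SAMPLE = {
    "mobile-attack": json.dumps({"type": "bundle", "objects": [
        _obj("intrusion-set", 1, "G0097", "groups/", BOTH),
        _obj("malware", 2, "S0302", "software/", BOTH),
        _obj("malware", 3, "S9998", "software/", ["mobile-attack"]),
        _obj("malware", 5, "S9999", "software/", ["mobile-attack"])]}),
    "enterprise-attack": json.dumps({"type": "bundle", "objects": [
        _obj("intrusion-set", 1, "G0097", "groups/", BOTH),
        _obj("malware", 2, "S0302", "software/", BOTH),
        _obj("malware", 4, "S9998", "software/", ["enterprise-attack"])]}),
}

if __name__ == "__main__":
    print(json.dumps(cross_bundle_duplicates(SAMPLE), indent=2))
```

An entry with `same_stix_id` true is one object shipped in both files and can be merged on its STIX `id`; an entry with it false is two distinct objects sharing an ATT&CK ID.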
