cti-ATT-CK-v13.1/enterprise-attack/tool/tool--842976c7-f9c8-41b2-8371-41dc64fbe261.json

{
    "type": "bundle",
    "id": "bundle--ab742e17-0de5-43cb-9efc-9be3726b33ee",
    "spec_version": "2.0",
    "objects": [
        {
            "modified": "2023-04-13T13:09:38.786Z",
            "name": "ConnectWise",
            "description": "[ConnectWise](https://attack.mitre.org/software/S0591) is a legitimate remote administration tool that has been used since at least 2016 by threat actors including [MuddyWater](https://attack.mitre.org/groups/G0069) and [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) to connect to and conduct lateral movement in target environments.(Citation: Anomali Static Kitten February 2021)(Citation: Trend Micro Muddy Water March 2021)",
            "x_mitre_platforms": [
                "Windows"
            ],
            "x_mitre_deprecated": false,
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "x_mitre_version": "1.0",
            "x_mitre_aliases": [
                "ConnectWise",
                "ScreenConnect"
            ],
            "type": "tool",
            "id": "tool--842976c7-f9c8-41b2-8371-41dc64fbe261",
            "created": "2021-03-18T13:39:27.676Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/software/S0591",
                    "external_id": "S0591"
                },
                {
                    "source_name": "ScreenConnect",
                    "description": "(Citation: Anomali Static Kitten February 2021)"
                },
                {
                    "source_name": "Anomali Static Kitten February 2021",
                    "description": "Mele, G. et al. (2021, February 10). Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies. Retrieved March 17, 2021.",
                    "url": "https://www.anomali.com/blog/probable-iranian-cyber-actors-static-kitten-conducting-cyberespionage-campaign-targeting-uae-and-kuwait-government-agencies"
                },
                {
                    "source_name": "Trend Micro Muddy Water March 2021",
                    "description": "Peretz, A. and Theck, E. (2021, March 5). Earth Vetala \u2013 MuddyWater Continues to Target Organizations in the Middle East. Retrieved March 18, 2021.",
                    "url": "https://www.trendmicro.com/en_us/research/21/c/earth-vetala---muddywater-continues-to-target-organizations-in-t.html"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "labels": [
                "tool"
            ],
            "x_mitre_attack_spec_version": "3.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}