├── .gitignore ├── .idea ├── .gitignore ├── Knowledge-enhanced-Attack-Graph.iml ├── deployment.xml ├── inspectionProfiles │ └── profiles_settings.xml ├── misc.xml ├── modules.xml └── vcs.xml ├── Archive-v0.1 ├── .gitignore ├── Attack_Graph │ ├── __init__.py │ ├── attackGraph.py │ ├── attackMatching.py │ ├── attackTemplate.py │ ├── techniqueGraphBuilder.py │ └── techniqueIdentifier.py ├── Mitre_TTPs │ ├── Report_crawler.ipynb │ ├── Tactic_Technique_Reference_Example.gml │ ├── Tactic_Technique_Reference_Example.pdf │ ├── mitreGraphReader.py │ ├── mitre_attack_retrieve.ipynb │ ├── mitre_html │ │ ├── MITRE ATT&CK-20210831.html │ │ ├── MITRE ATT&CK.html │ │ ├── Tactic_Technique_Reference_Example.gml │ │ └── Techniques-Enterprise.html │ ├── produce_examples.txt │ ├── produce_examples_picked.txt │ └── reports_preprocess.ipynb ├── NLP │ ├── __init__.py │ ├── iocNer.py │ ├── iocRegex.py │ ├── keywordExtraction.py │ └── reportPreprocess.py ├── README.md ├── ioc_regexPattern.json ├── ioc_replaceWord.json ├── main.py ├── ner_regexPattern.json ├── requirements.txt └── utilities │ └── wordCountInProcedureExamples.py ├── Dataset ├── Evaluation │ ├── Cobalt Campaign.txt │ ├── Darpa_Firefox BITS Micro APT.txt │ ├── Darpa_Firefox DNS Drakon APT.txt │ ├── Darpa_Firefox Drakon APT Elevate Copykatz.txt │ ├── Darpa_Nginx Drakon APT.txt │ ├── Darpa_SSH BinFmt-Elevate.txt │ ├── Deputydog Campaign.txt │ ├── Frankenstein Campaign.txt │ └── OceanLotus Campaign.txt └── reports_sample │ ├── Cobalt.html │ ├── Deputydog.html │ ├── Frankenstein.html │ ├── Log4Shell.html │ └── OceanLotus.html ├── Image ├── Example.pdf ├── Example_00.jpg ├── Framework_v3.pdf └── Framework_v3_00.jpg ├── LICENSE ├── README.md ├── Results ├── 10_HawkEye Campaign │ ├── AttacKG │ │ ├── G.gml │ │ ├── G.gv │ │ ├── G.gv.pdf │ │ └── log.txt │ └── report.txt ├── 11_DustySky Campaign │ ├── AttacKG │ │ ├── G.gml │ │ ├── G.gv │ │ ├── G.gv.pdf │ │ └── log.txt │ └── report.txt ├── 12_TrickLoad Spyware Campaign │ ├── AttacKG │ │ ├── G.gml │ │ ├── G.gv │ │ ├── G.gv.pdf │ │ └── log.txt │ └── report.txt ├── 13_Emotet campaign │ ├── AttacKG │ │ ├── G.gml │ │ ├── G.gv │ │ ├── G.gv.pdf │ │ └── log.txt │ └── report.txt ├── 14_Uroburos Campaign │ ├── AttacKG │ │ ├── G.gml │ │ ├── G.gv │ │ ├── G.gv.pdf │ │ └── log.txt │ └── report.txt ├── 15_APT41 Campaign │ ├── AttacKG │ │ ├── G.gml │ │ ├── G.gv │ │ ├── G.gv.pdf │ │ └── log.txt │ └── report.txt ├── 16_Espionage Campaign │ ├── AttacKG │ │ ├── G.gml │ │ ├── G.gv │ │ ├── G.gv.pdf │ │ └── log.txt │ └── report.txt ├── 9_Deputydog Campaign │ ├── AttacKG │ │ ├── G.gml │ │ ├── G.gv │ │ ├── G.gv.pdf │ │ └── log.txt │ └── report.txt └── Attack Reports Analysis(1-8).docx ├── Tactic_Technique_Reference_Example.gml ├── html_url_hash.csv ├── ioc_regexPattern.json ├── ioc_replaceWord.json ├── main.py ├── mitre_ttps └── mitreGraphReader.py ├── ner_regexPattern.json ├── output_techniques.json ├── preprocess └── report_preprocess.py ├── report_parser ├── ioc_protection.py ├── report_parser.py └── report_parser_chn.py ├── requirements.txt ├── technique_knowledge_graph ├── attack_graph.py ├── technique_identifier.py └── technique_template.py └── utilities ├── output_filter.py └── report_crawler.py /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/.gitignore -------------------------------------------------------------------------------- /.idea/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/.idea/.gitignore -------------------------------------------------------------------------------- /.idea/Knowledge-enhanced-Attack-Graph.iml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/.idea/Knowledge-enhanced-Attack-Graph.iml -------------------------------------------------------------------------------- /.idea/deployment.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/.idea/deployment.xml -------------------------------------------------------------------------------- /.idea/inspectionProfiles/profiles_settings.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/.idea/inspectionProfiles/profiles_settings.xml -------------------------------------------------------------------------------- /.idea/misc.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/.idea/misc.xml -------------------------------------------------------------------------------- /.idea/modules.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/.idea/modules.xml -------------------------------------------------------------------------------- /.idea/vcs.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/.idea/vcs.xml -------------------------------------------------------------------------------- /Archive-v0.1/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/.gitignore -------------------------------------------------------------------------------- /Archive-v0.1/Attack_Graph/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Attack_Graph/__init__.py -------------------------------------------------------------------------------- /Archive-v0.1/Attack_Graph/attackGraph.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Attack_Graph/attackGraph.py -------------------------------------------------------------------------------- /Archive-v0.1/Attack_Graph/attackMatching.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Attack_Graph/attackMatching.py -------------------------------------------------------------------------------- /Archive-v0.1/Attack_Graph/attackTemplate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Attack_Graph/attackTemplate.py -------------------------------------------------------------------------------- /Archive-v0.1/Attack_Graph/techniqueGraphBuilder.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Attack_Graph/techniqueGraphBuilder.py -------------------------------------------------------------------------------- /Archive-v0.1/Attack_Graph/techniqueIdentifier.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Attack_Graph/techniqueIdentifier.py -------------------------------------------------------------------------------- /Archive-v0.1/Mitre_TTPs/Report_crawler.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Mitre_TTPs/Report_crawler.ipynb -------------------------------------------------------------------------------- /Archive-v0.1/Mitre_TTPs/Tactic_Technique_Reference_Example.gml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Mitre_TTPs/Tactic_Technique_Reference_Example.gml -------------------------------------------------------------------------------- /Archive-v0.1/Mitre_TTPs/Tactic_Technique_Reference_Example.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Mitre_TTPs/Tactic_Technique_Reference_Example.pdf -------------------------------------------------------------------------------- /Archive-v0.1/Mitre_TTPs/mitreGraphReader.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Mitre_TTPs/mitreGraphReader.py -------------------------------------------------------------------------------- /Archive-v0.1/Mitre_TTPs/mitre_attack_retrieve.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Mitre_TTPs/mitre_attack_retrieve.ipynb -------------------------------------------------------------------------------- /Archive-v0.1/Mitre_TTPs/mitre_html/MITRE ATT&CK-20210831.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Mitre_TTPs/mitre_html/MITRE ATT&CK-20210831.html -------------------------------------------------------------------------------- /Archive-v0.1/Mitre_TTPs/mitre_html/MITRE ATT&CK.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Mitre_TTPs/mitre_html/MITRE ATT&CK.html -------------------------------------------------------------------------------- /Archive-v0.1/Mitre_TTPs/mitre_html/Tactic_Technique_Reference_Example.gml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Mitre_TTPs/mitre_html/Tactic_Technique_Reference_Example.gml -------------------------------------------------------------------------------- /Archive-v0.1/Mitre_TTPs/mitre_html/Techniques-Enterprise.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Mitre_TTPs/mitre_html/Techniques-Enterprise.html -------------------------------------------------------------------------------- /Archive-v0.1/Mitre_TTPs/produce_examples.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Mitre_TTPs/produce_examples.txt -------------------------------------------------------------------------------- /Archive-v0.1/Mitre_TTPs/produce_examples_picked.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Mitre_TTPs/produce_examples_picked.txt -------------------------------------------------------------------------------- /Archive-v0.1/Mitre_TTPs/reports_preprocess.ipynb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/Mitre_TTPs/reports_preprocess.ipynb -------------------------------------------------------------------------------- /Archive-v0.1/NLP/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Archive-v0.1/NLP/iocNer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/NLP/iocNer.py -------------------------------------------------------------------------------- /Archive-v0.1/NLP/iocRegex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/NLP/iocRegex.py -------------------------------------------------------------------------------- /Archive-v0.1/NLP/keywordExtraction.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/NLP/keywordExtraction.py -------------------------------------------------------------------------------- /Archive-v0.1/NLP/reportPreprocess.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/NLP/reportPreprocess.py -------------------------------------------------------------------------------- /Archive-v0.1/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/README.md -------------------------------------------------------------------------------- /Archive-v0.1/ioc_regexPattern.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/ioc_regexPattern.json -------------------------------------------------------------------------------- /Archive-v0.1/ioc_replaceWord.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/ioc_replaceWord.json -------------------------------------------------------------------------------- /Archive-v0.1/main.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/main.py -------------------------------------------------------------------------------- /Archive-v0.1/ner_regexPattern.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/ner_regexPattern.json -------------------------------------------------------------------------------- /Archive-v0.1/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/requirements.txt -------------------------------------------------------------------------------- /Archive-v0.1/utilities/wordCountInProcedureExamples.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Archive-v0.1/utilities/wordCountInProcedureExamples.py -------------------------------------------------------------------------------- /Dataset/Evaluation/Cobalt Campaign.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Dataset/Evaluation/Cobalt Campaign.txt -------------------------------------------------------------------------------- /Dataset/Evaluation/Darpa_Firefox BITS Micro APT.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Dataset/Evaluation/Darpa_Firefox BITS Micro APT.txt -------------------------------------------------------------------------------- /Dataset/Evaluation/Darpa_Firefox DNS Drakon APT.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Dataset/Evaluation/Darpa_Firefox DNS Drakon APT.txt -------------------------------------------------------------------------------- /Dataset/Evaluation/Darpa_Firefox Drakon APT Elevate Copykatz.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Dataset/Evaluation/Darpa_Firefox Drakon APT Elevate Copykatz.txt -------------------------------------------------------------------------------- /Dataset/Evaluation/Darpa_Nginx Drakon APT.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Dataset/Evaluation/Darpa_Nginx Drakon APT.txt -------------------------------------------------------------------------------- /Dataset/Evaluation/Darpa_SSH BinFmt-Elevate.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Dataset/Evaluation/Darpa_SSH BinFmt-Elevate.txt -------------------------------------------------------------------------------- /Dataset/Evaluation/Deputydog Campaign.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Dataset/Evaluation/Deputydog Campaign.txt -------------------------------------------------------------------------------- /Dataset/Evaluation/Frankenstein Campaign.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Dataset/Evaluation/Frankenstein Campaign.txt -------------------------------------------------------------------------------- /Dataset/Evaluation/OceanLotus Campaign.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Dataset/Evaluation/OceanLotus Campaign.txt -------------------------------------------------------------------------------- /Dataset/reports_sample/Cobalt.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Dataset/reports_sample/Cobalt.html -------------------------------------------------------------------------------- /Dataset/reports_sample/Deputydog.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Dataset/reports_sample/Deputydog.html -------------------------------------------------------------------------------- /Dataset/reports_sample/Frankenstein.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Dataset/reports_sample/Frankenstein.html -------------------------------------------------------------------------------- /Dataset/reports_sample/Log4Shell.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Dataset/reports_sample/Log4Shell.html -------------------------------------------------------------------------------- /Dataset/reports_sample/OceanLotus.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Dataset/reports_sample/OceanLotus.html -------------------------------------------------------------------------------- /Image/Example.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Image/Example.pdf -------------------------------------------------------------------------------- /Image/Example_00.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Image/Example_00.jpg -------------------------------------------------------------------------------- /Image/Framework_v3.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Image/Framework_v3.pdf -------------------------------------------------------------------------------- /Image/Framework_v3_00.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Image/Framework_v3_00.jpg -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/README.md -------------------------------------------------------------------------------- /Results/10_HawkEye Campaign/AttacKG/G.gml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/10_HawkEye Campaign/AttacKG/G.gml -------------------------------------------------------------------------------- /Results/10_HawkEye Campaign/AttacKG/G.gv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/10_HawkEye Campaign/AttacKG/G.gv -------------------------------------------------------------------------------- /Results/10_HawkEye Campaign/AttacKG/G.gv.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/10_HawkEye Campaign/AttacKG/G.gv.pdf -------------------------------------------------------------------------------- /Results/10_HawkEye Campaign/AttacKG/log.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/10_HawkEye Campaign/AttacKG/log.txt -------------------------------------------------------------------------------- /Results/10_HawkEye Campaign/report.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/10_HawkEye Campaign/report.txt -------------------------------------------------------------------------------- /Results/11_DustySky Campaign/AttacKG/G.gml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/11_DustySky Campaign/AttacKG/G.gml -------------------------------------------------------------------------------- /Results/11_DustySky Campaign/AttacKG/G.gv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/11_DustySky Campaign/AttacKG/G.gv -------------------------------------------------------------------------------- /Results/11_DustySky Campaign/AttacKG/G.gv.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/11_DustySky Campaign/AttacKG/G.gv.pdf -------------------------------------------------------------------------------- /Results/11_DustySky Campaign/AttacKG/log.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/11_DustySky Campaign/AttacKG/log.txt -------------------------------------------------------------------------------- /Results/11_DustySky Campaign/report.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/11_DustySky Campaign/report.txt -------------------------------------------------------------------------------- /Results/12_TrickLoad Spyware Campaign/AttacKG/G.gml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/12_TrickLoad Spyware Campaign/AttacKG/G.gml -------------------------------------------------------------------------------- /Results/12_TrickLoad Spyware Campaign/AttacKG/G.gv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/12_TrickLoad Spyware Campaign/AttacKG/G.gv -------------------------------------------------------------------------------- /Results/12_TrickLoad Spyware Campaign/AttacKG/G.gv.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/12_TrickLoad Spyware Campaign/AttacKG/G.gv.pdf -------------------------------------------------------------------------------- /Results/12_TrickLoad Spyware Campaign/AttacKG/log.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/12_TrickLoad Spyware Campaign/AttacKG/log.txt -------------------------------------------------------------------------------- /Results/12_TrickLoad Spyware Campaign/report.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/12_TrickLoad Spyware Campaign/report.txt -------------------------------------------------------------------------------- /Results/13_Emotet campaign/AttacKG/G.gml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/13_Emotet campaign/AttacKG/G.gml -------------------------------------------------------------------------------- /Results/13_Emotet campaign/AttacKG/G.gv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/13_Emotet campaign/AttacKG/G.gv -------------------------------------------------------------------------------- /Results/13_Emotet campaign/AttacKG/G.gv.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/13_Emotet campaign/AttacKG/G.gv.pdf -------------------------------------------------------------------------------- /Results/13_Emotet campaign/AttacKG/log.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/13_Emotet campaign/AttacKG/log.txt -------------------------------------------------------------------------------- /Results/13_Emotet campaign/report.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/13_Emotet campaign/report.txt -------------------------------------------------------------------------------- /Results/14_Uroburos Campaign/AttacKG/G.gml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/14_Uroburos Campaign/AttacKG/G.gml -------------------------------------------------------------------------------- /Results/14_Uroburos Campaign/AttacKG/G.gv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/14_Uroburos Campaign/AttacKG/G.gv -------------------------------------------------------------------------------- /Results/14_Uroburos Campaign/AttacKG/G.gv.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/14_Uroburos Campaign/AttacKG/G.gv.pdf -------------------------------------------------------------------------------- /Results/14_Uroburos Campaign/AttacKG/log.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/14_Uroburos Campaign/AttacKG/log.txt -------------------------------------------------------------------------------- /Results/14_Uroburos Campaign/report.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/14_Uroburos Campaign/report.txt -------------------------------------------------------------------------------- /Results/15_APT41 Campaign/AttacKG/G.gml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/15_APT41 Campaign/AttacKG/G.gml -------------------------------------------------------------------------------- /Results/15_APT41 Campaign/AttacKG/G.gv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/15_APT41 Campaign/AttacKG/G.gv -------------------------------------------------------------------------------- /Results/15_APT41 Campaign/AttacKG/G.gv.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/15_APT41 Campaign/AttacKG/G.gv.pdf -------------------------------------------------------------------------------- /Results/15_APT41 Campaign/AttacKG/log.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/15_APT41 Campaign/AttacKG/log.txt -------------------------------------------------------------------------------- /Results/15_APT41 Campaign/report.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/15_APT41 Campaign/report.txt -------------------------------------------------------------------------------- /Results/16_Espionage Campaign/AttacKG/G.gml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/16_Espionage Campaign/AttacKG/G.gml -------------------------------------------------------------------------------- /Results/16_Espionage Campaign/AttacKG/G.gv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/16_Espionage Campaign/AttacKG/G.gv -------------------------------------------------------------------------------- /Results/16_Espionage Campaign/AttacKG/G.gv.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/16_Espionage Campaign/AttacKG/G.gv.pdf -------------------------------------------------------------------------------- /Results/16_Espionage Campaign/AttacKG/log.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/16_Espionage Campaign/AttacKG/log.txt -------------------------------------------------------------------------------- /Results/16_Espionage Campaign/report.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/16_Espionage Campaign/report.txt -------------------------------------------------------------------------------- /Results/9_Deputydog Campaign/AttacKG/G.gml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/9_Deputydog Campaign/AttacKG/G.gml -------------------------------------------------------------------------------- /Results/9_Deputydog Campaign/AttacKG/G.gv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/9_Deputydog Campaign/AttacKG/G.gv -------------------------------------------------------------------------------- /Results/9_Deputydog Campaign/AttacKG/G.gv.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/9_Deputydog Campaign/AttacKG/G.gv.pdf -------------------------------------------------------------------------------- /Results/9_Deputydog Campaign/AttacKG/log.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/9_Deputydog Campaign/AttacKG/log.txt -------------------------------------------------------------------------------- /Results/9_Deputydog Campaign/report.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/9_Deputydog Campaign/report.txt -------------------------------------------------------------------------------- /Results/Attack Reports Analysis(1-8).docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Results/Attack Reports Analysis(1-8).docx -------------------------------------------------------------------------------- /Tactic_Technique_Reference_Example.gml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/Tactic_Technique_Reference_Example.gml -------------------------------------------------------------------------------- /html_url_hash.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/html_url_hash.csv -------------------------------------------------------------------------------- /ioc_regexPattern.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/ioc_regexPattern.json -------------------------------------------------------------------------------- /ioc_replaceWord.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/ioc_replaceWord.json -------------------------------------------------------------------------------- /main.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/main.py -------------------------------------------------------------------------------- /mitre_ttps/mitreGraphReader.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/mitre_ttps/mitreGraphReader.py -------------------------------------------------------------------------------- /ner_regexPattern.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/ner_regexPattern.json -------------------------------------------------------------------------------- /output_techniques.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/output_techniques.json -------------------------------------------------------------------------------- /preprocess/report_preprocess.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/preprocess/report_preprocess.py -------------------------------------------------------------------------------- /report_parser/ioc_protection.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/report_parser/ioc_protection.py -------------------------------------------------------------------------------- /report_parser/report_parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/report_parser/report_parser.py -------------------------------------------------------------------------------- /report_parser/report_parser_chn.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/requirements.txt -------------------------------------------------------------------------------- /technique_knowledge_graph/attack_graph.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/technique_knowledge_graph/attack_graph.py -------------------------------------------------------------------------------- /technique_knowledge_graph/technique_identifier.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/technique_knowledge_graph/technique_identifier.py -------------------------------------------------------------------------------- /technique_knowledge_graph/technique_template.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph/HEAD/technique_knowledge_graph/technique_template.py -------------------------------------------------------------------------------- /utilities/output_filter.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /utilities/report_crawler.py: -------------------------------------------------------------------------------- 1 | # Todo 2 | --------------------------------------------------------------------------------