NER&RE - HackMD

# NER&RE ## EntityType 1. Malware (B、I) 2. Organization (B、I) 3. Application (B、I) 4. OS (B、I) 5. Person (B、I) 6. location (B、I) 7. Time (B、I) 8. MalwareType (B、I) 9. ThreatActor (B、I) 10. O ## RelationType 1. noRelation : * e1 (noRelation) e2 2. isA : * Malware (isA) MalwareFamily * Malware (isA) MalwareType 3. targets : * Malware (targets) Location * Malware (targets) OS * Malware (targets) Application * ThreatActor (targets) Location 4. uses : * Malware (uses) Application * Malware (uses) AttackPattern 5. hasAuthor : * Malware (hasAuthor) ThreatActor 6. has : * Malware (has) Malware * ThreatActor (has) Organization 7. variantOf : * Malware (variantOf) Malware 8. hasAlias : * Malware (hasAlias) Malware 9. indicates : * IoC (indicates) Malware 10. discoveredIn : * Malware (discoveredIn) Time 11. exploits : * Malware (exploits) CVE e.g. 1. <e1>Pegasus</e1> , the assault package leverages three zero-day vulnerabilities to remotely jailbreak and install a suite of monitoring software onto a victim 's device.One of the key tools in the process is an exploit that takes advantage of a < e2 > memory corruption flaw < /e2 > in Safari WebKit . (Malware (exploits) ?) 2. < e1 > <e1>RCSAndroid</e1> < /e1 > was known about as far back as 2012.It uses two known vulnerabilities in the default Android Internet browser found in Android versions 4.0 to 4.3 ( CVE-2012-2825 and < e2 > CVE-2012-2871 < /e2 >. (Malware (exploits) ?) 3. <e1>RCSAndroid</e1> uses two different methods to infect devices.1.Hacking Team used text and email messages containing specially crafted URLs that triggered exploits for several vulnerabilities (CVE-2012-2825 and <e2>CVE-2012-2871</e2>) present in the default browsers of Android 4.(Malware (exploits) ?) 4. < e1 > <e1>Pegasus</e1> < /e1 > by exploiting a zero-day in feature for iPhone.The phones were compromised using an exploit chain that we call < e2 > KISMET < /e2 > .(Malware (exploits ?)) ## Reference 1. [Looking Beyond IoCs: Automatically Extracting Attack Patterns from External CTI](https://arxiv.org/pdf/2211.01753)