From 5f73f7696515866d97a2a4ecc0b0020a88956d2e Mon Sep 17 00:00:00 2001
From: chrisante7 <caante@mitre.org>
Date: Mon, 9 Nov 2020 10:53:21 -0500
Subject: [PATCH 1/2] Fixed typos on 2 relationship objects.

---
 ics-attack/ics-attack.json                                    | 4 ++--
 ...> relationship--b47dbc50-fd8f-4e5b-bb3d-e93b68bf5497.json} | 2 +-
 ...> relationship--f65a8ce8-90fa-4d92-a0dc-3ee544c541fe.json} | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
 rename ics-attack/relationship/{relationship--a9c632fe0-2619-4e1a-a04b-018000644a0f.json => relationship--b47dbc50-fd8f-4e5b-bb3d-e93b68bf5497.json} (92%)
 rename ics-attack/relationship/{relationship--8j9f95f0-4939-4e74-9073-70efddddff50.json => relationship--f65a8ce8-90fa-4d92-a0dc-3ee544c541fe.json} (94%)

diff --git a/ics-attack/ics-attack.json b/ics-attack/ics-attack.json
index a39707243c..03d5195f99 100644
--- a/ics-attack/ics-attack.json
+++ b/ics-attack/ics-attack.json
@@ -5206,7 +5206,7 @@
             "description": "[OilRig](https://collaborate.mitre.org/attackics/index.php/Group/G0010) utilized stolen credentials to gain access to victim machines.",
             "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
             "created": "2018-10-17T00:14:20.652Z",
-            "id": "relationship--8j9f95f0-4939-4e74-9073-70efddddff50",
+            "id": "relationship--f65a8ce8-90fa-4d92-a0dc-3ee544c541fe",
             "source_ref": "intrusion-set--4ca1929c-7d64-4aab-b849-badbfc0c760d",
             "modified": "2020-01-05T22:55:41.580Z",
             "object_marking_refs": [
@@ -10059,7 +10059,7 @@
             "target_ref": "attack-pattern--9a505987-ab05-4f46-a9a6-6441442eec3b",
             "source_ref": "course-of-action--20f6a9df-37c4-4e20-9e47-025983b1b39d",
             "modified": "2020-09-29T18:58:17.429Z",
-            "id": "relationship--a9c632fe0-2619-4e1a-a04b-018000644a0f",
+            "id": "relationship--b47dbc50-fd8f-4e5b-bb3d-e93b68bf5497",
             "type": "relationship",
             "created": "2020-09-21T17:59:24.739Z",
             "relationship_type": "mitigates",
diff --git a/ics-attack/relationship/relationship--a9c632fe0-2619-4e1a-a04b-018000644a0f.json b/ics-attack/relationship/relationship--b47dbc50-fd8f-4e5b-bb3d-e93b68bf5497.json
similarity index 92%
rename from ics-attack/relationship/relationship--a9c632fe0-2619-4e1a-a04b-018000644a0f.json
rename to ics-attack/relationship/relationship--b47dbc50-fd8f-4e5b-bb3d-e93b68bf5497.json
index f43e82a0f7..3cd98dd39e 100644
--- a/ics-attack/relationship/relationship--a9c632fe0-2619-4e1a-a04b-018000644a0f.json
+++ b/ics-attack/relationship/relationship--b47dbc50-fd8f-4e5b-bb3d-e93b68bf5497.json
@@ -8,7 +8,7 @@
             "target_ref": "attack-pattern--9a505987-ab05-4f46-a9a6-6441442eec3b",
             "source_ref": "course-of-action--20f6a9df-37c4-4e20-9e47-025983b1b39d",
             "modified": "2020-09-29T18:58:17.429Z",
-            "id": "relationship--a9c632fe0-2619-4e1a-a04b-018000644a0f",
+            "id": "relationship--b47dbc50-fd8f-4e5b-bb3d-e93b68bf5497",
             "type": "relationship",
             "created": "2020-09-21T17:59:24.739Z",
             "relationship_type": "mitigates",
diff --git a/ics-attack/relationship/relationship--8j9f95f0-4939-4e74-9073-70efddddff50.json b/ics-attack/relationship/relationship--f65a8ce8-90fa-4d92-a0dc-3ee544c541fe.json
similarity index 94%
rename from ics-attack/relationship/relationship--8j9f95f0-4939-4e74-9073-70efddddff50.json
rename to ics-attack/relationship/relationship--f65a8ce8-90fa-4d92-a0dc-3ee544c541fe.json
index 940d86d5a6..d312d743e9 100644
--- a/ics-attack/relationship/relationship--8j9f95f0-4939-4e74-9073-70efddddff50.json
+++ b/ics-attack/relationship/relationship--f65a8ce8-90fa-4d92-a0dc-3ee544c541fe.json
@@ -9,7 +9,7 @@
             "description": "[OilRig](https://collaborate.mitre.org/attackics/index.php/Group/G0010) utilized stolen credentials to gain access to victim machines.",
             "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
             "created": "2018-10-17T00:14:20.652Z",
-            "id": "relationship--8j9f95f0-4939-4e74-9073-70efddddff50",
+            "id": "relationship--f65a8ce8-90fa-4d92-a0dc-3ee544c541fe",
             "source_ref": "intrusion-set--4ca1929c-7d64-4aab-b849-badbfc0c760d",
             "modified": "2020-01-05T22:55:41.580Z",
             "object_marking_refs": [

From cb3ab35aeb92b78df5e5c6ed1671056c3f7a4a8b Mon Sep 17 00:00:00 2001
From: chrisante7 <caante@mitre.org>
Date: Thu, 12 Nov 2020 09:49:03 -0500
Subject: [PATCH 2/2] adjusted malware typo in
 relationship--50b3247a-ea71-455e-b299-f00666c05146 and deleted
 relationship--90818d25-6ece-4035-aece-62e489abef7d.json because it is a
 duplicate STIX object

---
 ics-attack/ics-attack.json                    | 21 --------------
 ...-50b3247a-ea71-455e-b299-f00666c05146.json |  2 +-
 ...-90818d25-6ece-4035-aece-62e489abef7d.json | 28 -------------------
 3 files changed, 1 insertion(+), 50 deletions(-)
 delete mode 100644 ics-attack/relationship/relationship--90818d25-6ece-4035-aece-62e489abef7d.json

diff --git a/ics-attack/ics-attack.json b/ics-attack/ics-attack.json
index 03d5195f99..8f0727d112 100644
--- a/ics-attack/ics-attack.json
+++ b/ics-attack/ics-attack.json
@@ -7232,27 +7232,6 @@
             ],
             "relationship_type": "uses"
         },
-        {
-            "type": "relationship",
-            "target_ref": "attack-pattern--ab390887-afc0-4715-826d-b1b167d522ae",
-            "description": "In states 3 and 4 [Stuxnet](https://collaborate.mitre.org/attackics/index.php/Software/S0010) sends two network bursts (done through the DP_SEND primitive). The data in the frames are instructions for the frequency converter drives.(Citation: Wired W32.Stuxnet Feb 2011)",
-            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-            "created": "2017-12-14T16:46:06.044Z",
-            "id": "relationship--90818d25-6ece-4035-aece-62e489abef7d",
-            "source_ref": "malware--496bff4d-0700-4b28-b06f-f30a63002be7",
-            "modified": "2020-01-03T00:14:20.652Z",
-            "object_marking_refs": [
-                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-            ],
-            "external_references": [
-                {
-                    "source_name": "Wired W32.Stuxnet Feb 2011",
-                    "description": "Nicolas Falliere, Liam O Murchu, Eric Chien. (2011, February). W32.Stuxnet Dossier (Version 1.4). Retrieved September 22, 2017.",
-                    "url": "https://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf"
-                }
-            ],
-            "relationship_type": "uses"
-        },
         {
             "type": "relationship",
             "target_ref": "attack-pattern--a8cfd474-9358-464f-a169-9c6f099a8e8a",
diff --git a/ics-attack/relationship/relationship--50b3247a-ea71-455e-b299-f00666c05146.json b/ics-attack/relationship/relationship--50b3247a-ea71-455e-b299-f00666c05146.json
index b983797e47..bd6352a59e 100644
--- a/ics-attack/relationship/relationship--50b3247a-ea71-455e-b299-f00666c05146.json
+++ b/ics-attack/relationship/relationship--50b3247a-ea71-455e-b299-f00666c05146.json
@@ -10,7 +10,7 @@
             "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
             "created": "2017-12-14T16:46:06.044Z",
             "id": "relationship--50b3247a-ea71-455e-b299-f00666c05146",
-            "source_ref": "alware--496bff4d-0700-4b28-b06f-f30a63002be7",
+            "source_ref": "malware--496bff4d-0700-4b28-b06f-f30a63002be7",
             "modified": "2020-01-03T00:14:20.652Z",
             "object_marking_refs": [
                 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
diff --git a/ics-attack/relationship/relationship--90818d25-6ece-4035-aece-62e489abef7d.json b/ics-attack/relationship/relationship--90818d25-6ece-4035-aece-62e489abef7d.json
deleted file mode 100644
index bc55360209..0000000000
--- a/ics-attack/relationship/relationship--90818d25-6ece-4035-aece-62e489abef7d.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
-    "type": "bundle",
-    "id": "bundle--01d649ed-865c-4b94-833e-d416565007ff",
-    "spec_version": "2.0",
-    "objects": [
-        {
-            "type": "relationship",
-            "target_ref": "attack-pattern--ab390887-afc0-4715-826d-b1b167d522ae",
-            "description": "In states 3 and 4 [Stuxnet](https://collaborate.mitre.org/attackics/index.php/Software/S0010) sends two network bursts (done through the DP_SEND primitive). The data in the frames are instructions for the frequency converter drives.(Citation: Wired W32.Stuxnet Feb 2011)",
-            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
-            "created": "2017-12-14T16:46:06.044Z",
-            "id": "relationship--90818d25-6ece-4035-aece-62e489abef7d",
-            "source_ref": "malware--496bff4d-0700-4b28-b06f-f30a63002be7",
-            "modified": "2020-01-03T00:14:20.652Z",
-            "object_marking_refs": [
-                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-            ],
-            "external_references": [
-                {
-                    "source_name": "Wired W32.Stuxnet Feb 2011",
-                    "description": "Nicolas Falliere, Liam O Murchu, Eric Chien. (2011, February). W32.Stuxnet Dossier (Version 1.4). Retrieved September 22, 2017.",
-                    "url": "https://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf"
-                }
-            ],
-            "relationship_type": "uses"
-        }
-    ]
-}
\ No newline at end of file