Fix Azure AD CSV Index and MITRE ATT&CK Navigator JSON (#3301)

Co-authored-by: Bhavin Patel <bhavin.j.patel91@gmail.com>
2026-04-17 23:30:19 -04:00
parent 3d22e294da
commit aa9b3454fe
2 changed files with 11 additions and 11 deletions
@@ -13,6 +13,6 @@ Do {
    $TimeNow = Get-Date
    Resolve-DnsName -type $QueryType $Subdomain".$(Get-Random -Minimum 1 -Maximum 999999)."$Domain -QuickTimeout
    $Jitter = (Get-Random -Minimum -$C2Jitter -Maximum $C2Jitter) / 100 + 1
-    Start-Sleep -Seconds $C2Interval
+    Start-Sleep -Seconds ($C2Interval * $Jitter)
 }
 Until ($TimeNow -ge $RunEnd)
@@ -59,7 +59,7 @@ class AtomicRedTeamDocs
    generate_index_csv!  "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Indexes-CSV/office-365-index.csv", only_platform: /office-365/, attack_platform: /office/
    generate_index_csv!  "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Indexes-CSV/google-workspace-index.csv", only_platform: /google-workspace/, attack_platform: /identity/
    generate_index_csv!  "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Indexes-CSV/azure-ad-index.csv", only_platform: /azure-ad/, attack_platform: /identity/
-    generate_index_csv!  "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Indexes-CSV/azure-ad-index.csv", only_platform: /esxi/, attack_platform: /esxi/
+    generate_index_csv!  "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/Indexes-CSV/esxi-index.csv", only_platform: /esxi/, attack_platform: /esxi/
    generate_yaml_index! "#{File.dirname(File.dirname(__FILE__))}/atomics/Indexes/index.yaml"
    ["windows", "macos", "linux", "office-365", "azure-ad", "google-workspace", "saas", "iaas", "containers", "iaas:gcp", "iaas:azure", "iaas:aws", "esxi"].each do | platform|
@@ -241,10 +241,10 @@ class AtomicRedTeamDocs
    layer = {
      "name" => layer_name,
-      "versions" => {	"attack": "16",	"navigator": "5.1.0",	"layer": "4.5"	},
+      "versions" => {	"attack": "18",	"navigator": "5.3.0",	"layer": "4.5"	},
      "description" => layer_name + " MITRE ATT&CK Navigator Layer",
      "domain" => "enterprise-attack",
-      "filters"=> filters,    
+      "filters"=> filters,
      "gradient" => {
                  "colors" => ["#ffffff",
                               "#ce232e"
@@ -265,11 +265,11 @@ class AtomicRedTeamDocs
      "techniques" => techniques
    }
  end
-  
+
  #
  # Process the current technique and update the list
-  # 
+  #
  def update_techniquesList(current_technique, current_techniqueParent, techniques_list, atomic_yaml, comments)
    if not atomic_yaml['attack_technique'].include?(".") then
      tech_parent = techniques_list.find { |h| h["techniqueID"] == atomic_yaml['attack_technique'].split('.')[0] }
@@ -298,7 +298,7 @@ class AtomicRedTeamDocs
      techniques_list.push(current_technique)
    end
  end
-  
+
  #
  # Generates a MITRE ATT&CK Navigator Layer based on contributed techniques
  #
@@ -385,7 +385,7 @@ class AtomicRedTeamDocs
            win_technique['score'] += 1
            win_technique['comment'] += "- " + atomic['name'] + "\n"
          end
-          if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /macos/} then 
+          if atomic['supported_platforms'].any? {|platform| platform.downcase =~ /macos/} then
            has_macos_tests = true
            macos_technique['score'] += 1
            macos_technique['comment'] += "- " + atomic['name'] + "\n"
@@ -441,7 +441,7 @@ class AtomicRedTeamDocs
            esxi_technique['comment'] += "- " + atomic['name'] + "\n"
          end
        end
-        
+
        # Update full Atomic Layer
        update_techniquesList(technique, techniqueParent, techniques, atomic_yaml, false)
        # Update all other Atomic Layers
@@ -483,9 +483,9 @@ class AtomicRedTeamDocs
        end
      end
    end
-    
+
    puts techniques_iaas_gcp
-    
+
    layer = get_layer techniques, "Atomic Red Team"
    layer_win = get_layer techniques_win, "Atomic Red Team (Windows)"
    layer_mac = get_layer techniques_mac, "Atomic Red Team (macOS)"