diff --git a/.github/workflows/update-heatmap.yml b/.github/workflows/update-heatmap.yml
index 8736c8072..89dac0a02 100644
--- a/.github/workflows/update-heatmap.yml
+++ b/.github/workflows/update-heatmap.yml
@@ -18,7 +18,7 @@ jobs:
run: pipx install sigma-cli
- name: Update Heatmap
- run: sigma analyze attack count ./other/sigma_attack_nav_coverage.json rule*
+ run: sigma analyze attack count --min-score 0 --max-score 20 --min-color '#66b1ffff' --max-color '#ff66f4ff' ./other/sigma_attack_nav_coverage.json rule*
- name: Create Pull Request
uses: peter-evans/create-pull-request@v5
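Review bot: The `--max-score 20` on the new `run:` line does not match the `"maxValue": 40` committed to other/sigma_attack_nav_coverage.json in this same change, so the checked-in layer was presumably not produced by this exact command and the next workflow run will likely rewrite the gradient again. Either cap is far below the committed scores (132 for T1190, 109 for T1562.001, 92 for T1027), so every technique above the cap renders in the same max colour and the layer can no longer tell moderate coverage from heavy coverage. If that saturation is intended, say so in a comment above the step, for example `# scores above --max-score saturate to --max-color`, and regenerate the JSON with the same values. Because the step now depends on four specific flags, the install line in the context above should pin the tool, `run: pipx install sigma-cli==<PINNED_VERSION>`, so that an upstream release cannot silently change what gets committed. Likewise, `peter-evans/create-pull-request@v5` is a mutable tag in a job that opens pull requests and is better referenced by full commit SHA. The job definition continues outside this hunk.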
diff --git a/other/sigma_attack_nav_coverage.json b/other/sigma_attack_nav_coverage.json
index 069d6bf80..fc35ed8ec 100644
--- a/other/sigma_attack_nav_coverage.json
+++ b/other/sigma_attack_nav_coverage.json
@@ -9,11 +9,11 @@
"description": "Sigma coverage heatmap generated by Sigma CLI with score function count",
"gradient": {
"colors": [
- "#ffffff00",
- "#ff0000"
+ "#66b1ffff",
+ "#ff66f4ff"
],
"minValue": 0,
- "maxValue": 1352
+ "maxValue": 40
},
"techniques": [
{
@@ -61,9 +61,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1078",
- "tactic": "defense-evasion",
- "score": 60,
+ "techniqueID": "T1518.001",
+ "tactic": "discovery",
+ "score": 8,
"color": "",
"comment": "",
"enabled": true,
@@ -72,9 +72,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1078",
- "tactic": "persistence",
- "score": 60,
+ "techniqueID": "T1059",
+ "tactic": "execution",
+ "score": 91,
"color": "",
"comment": "",
"enabled": true,
@@ -83,64 +83,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1078",
- "tactic": "privilege-escalation",
- "score": 60,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1078",
- "tactic": "initial-access",
- "score": 60,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1078.001",
- "tactic": "defense-evasion",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1078.001",
- "tactic": "persistence",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1078.001",
- "tactic": "privilege-escalation",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1078.001",
- "tactic": "initial-access",
- "score": 3,
+ "techniqueID": "T1204",
+ "tactic": "execution",
+ "score": 10,
"color": "",
"comment": "",
"enabled": true,
@@ -151,6 +96,402 @@
{
"techniqueID": "T1140",
"tactic": "defense-evasion",
+ "score": 18,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1543.001",
+ "tactic": "persistence",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1543.001",
+ "tactic": "privilege-escalation",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1543.004",
+ "tactic": "persistence",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1543.004",
+ "tactic": "privilege-escalation",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1566",
+ "tactic": "initial-access",
+ "score": 14,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1566.002",
+ "tactic": "initial-access",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1059.002",
+ "tactic": "execution",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1204.001",
+ "tactic": "execution",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1553",
+ "tactic": "defense-evasion",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078.003",
+ "tactic": "defense-evasion",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078.003",
+ "tactic": "persistence",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078.003",
+ "tactic": "privilege-escalation",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078.003",
+ "tactic": "initial-access",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1136.001",
+ "tactic": "persistence",
+ "score": 14,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1490",
+ "tactic": "impact",
+ "score": 26,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1083",
+ "tactic": "discovery",
+ "score": 21,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1569.001",
+ "tactic": "execution",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1082",
+ "tactic": "discovery",
+ "score": 33,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078",
+ "tactic": "defense-evasion",
+ "score": 60,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078",
+ "tactic": "persistence",
+ "score": 60,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078",
+ "tactic": "privilege-escalation",
+ "score": 60,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078",
+ "tactic": "initial-access",
+ "score": 60,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078.001",
+ "tactic": "defense-evasion",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078.001",
+ "tactic": "persistence",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078.001",
+ "tactic": "privilege-escalation",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078.001",
+ "tactic": "initial-access",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1113",
+ "tactic": "collection",
+ "score": 10,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1049",
+ "tactic": "discovery",
+ "score": 9,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1564.002",
+ "tactic": "defense-evasion",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1219.002",
+ "tactic": "command-and-control",
+ "score": 44,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1053.003",
+ "tactic": "execution",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1053.003",
+ "tactic": "persistence",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1053.003",
+ "tactic": "privilege-escalation",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1056.002",
+ "tactic": "collection",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1056.002",
+ "tactic": "credential-access",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1059.007",
+ "tactic": "execution",
"score": 19,
"color": "",
"comment": "",
@@ -159,6 +500,138 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1071",
+ "tactic": "command-and-control",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1071.001",
+ "tactic": "command-and-control",
+ "score": 40,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1036.006",
+ "tactic": "defense-evasion",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1070.002",
+ "tactic": "defense-evasion",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1087.001",
+ "tactic": "discovery",
+ "score": 13,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1497.001",
+ "tactic": "defense-evasion",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1497.001",
+ "tactic": "discovery",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1069.001",
+ "tactic": "discovery",
+ "score": 16,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1030",
+ "tactic": "exfiltration",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1018",
+ "tactic": "discovery",
+ "score": 16,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1027",
+ "tactic": "defense-evasion",
+ "score": 92,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1552.003",
+ "tactic": "credential-access",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1529",
"tactic": "impact",
@@ -170,6 +643,28 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1036.003",
+ "tactic": "defense-evasion",
+ "score": 26,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1070.006",
+ "tactic": "defense-evasion",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1218",
"tactic": "defense-evasion",
@@ -215,31 +710,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1018",
- "tactic": "discovery",
- "score": 16,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1087.001",
- "tactic": "discovery",
- "score": 13,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1490",
- "tactic": "impact",
- "score": 25,
+ "techniqueID": "T1562.001",
+ "tactic": "defense-evasion",
+ "score": 109,
"color": "",
"comment": "",
"enabled": true,
@@ -269,193 +742,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1082",
- "tactic": "discovery",
- "score": 33,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1497.001",
- "tactic": "defense-evasion",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1497.001",
- "tactic": "discovery",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1036.006",
- "tactic": "defense-evasion",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1056.002",
- "tactic": "collection",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1056.002",
- "tactic": "credential-access",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1219.002",
- "tactic": "command-and-control",
- "score": 44,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1036.003",
- "tactic": "defense-evasion",
- "score": 26,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1078.003",
- "tactic": "defense-evasion",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1078.003",
- "tactic": "persistence",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1078.003",
- "tactic": "privilege-escalation",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1078.003",
- "tactic": "initial-access",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1070.006",
- "tactic": "defense-evasion",
- "score": 6,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1040",
- "tactic": "credential-access",
- "score": 9,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1040",
- "tactic": "discovery",
- "score": 9,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1049",
- "tactic": "discovery",
- "score": 9,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1518.001",
- "tactic": "discovery",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1189",
"tactic": "initial-access",
@@ -479,9 +765,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1059",
- "tactic": "execution",
- "score": 91,
+ "techniqueID": "T1133",
+ "tactic": "persistence",
+ "score": 15,
"color": "",
"comment": "",
"enabled": true,
@@ -490,9 +776,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1564.002",
- "tactic": "defense-evasion",
- "score": 4,
+ "techniqueID": "T1133",
+ "tactic": "initial-access",
+ "score": 15,
"color": "",
"comment": "",
"enabled": true,
@@ -501,31 +787,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1552.003",
- "tactic": "credential-access",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1059.002",
- "tactic": "execution",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1069.001",
+ "techniqueID": "T1046",
"tactic": "discovery",
- "score": 16,
+ "score": 14,
"color": "",
"comment": "",
"enabled": true,
@@ -534,20 +798,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1555.001",
- "tactic": "credential-access",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1027.001",
- "tactic": "defense-evasion",
- "score": 3,
+ "techniqueID": "T1016",
+ "tactic": "discovery",
+ "score": 12,
"color": "",
"comment": "",
"enabled": true,
@@ -578,9 +831,31 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1083",
+ "techniqueID": "T1027.001",
+ "tactic": "defense-evasion",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1040",
+ "tactic": "credential-access",
+ "score": 9,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1040",
"tactic": "discovery",
- "score": 21,
+ "score": 9,
"color": "",
"comment": "",
"enabled": true,
@@ -589,195 +864,8 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1113",
- "tactic": "collection",
- "score": 10,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1543.001",
- "tactic": "persistence",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1543.001",
- "tactic": "privilege-escalation",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1543.004",
- "tactic": "persistence",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1543.004",
- "tactic": "privilege-escalation",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1115",
- "tactic": "collection",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1016",
- "tactic": "discovery",
- "score": 12,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1136.001",
- "tactic": "persistence",
- "score": 14,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1070.002",
- "tactic": "defense-evasion",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1027",
- "tactic": "defense-evasion",
- "score": 92,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1566",
- "tactic": "initial-access",
- "score": 14,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1566.002",
- "tactic": "initial-access",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1204",
- "tactic": "execution",
- "score": 10,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1204.001",
- "tactic": "execution",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1553",
- "tactic": "defense-evasion",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1059.007",
- "tactic": "execution",
- "score": 19,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1562.001",
- "tactic": "defense-evasion",
- "score": 111,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1569.001",
- "tactic": "execution",
+ "techniqueID": "T1555.001",
+ "tactic": "credential-access",
"score": 1,
"color": "",
"comment": "",
@@ -786,28 +874,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1133",
- "tactic": "persistence",
- "score": 15,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1133",
- "tactic": "initial-access",
- "score": 15,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1553.001",
"tactic": "defense-evasion",
@@ -820,9 +886,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1046",
- "tactic": "discovery",
- "score": 14,
+ "techniqueID": "T1115",
+ "tactic": "collection",
+ "score": 8,
"color": "",
"comment": "",
"enabled": true,
@@ -831,20 +897,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1030",
- "tactic": "exfiltration",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1053.003",
+ "techniqueID": "T1053.002",
"tactic": "execution",
- "score": 7,
+ "score": 8,
"color": "",
"comment": "",
"enabled": true,
@@ -853,9 +908,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1053.003",
+ "techniqueID": "T1053.002",
"tactic": "persistence",
- "score": 7,
+ "score": 8,
"color": "",
"comment": "",
"enabled": true,
@@ -864,97 +919,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1053.003",
+ "techniqueID": "T1053.002",
"tactic": "privilege-escalation",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1071",
- "tactic": "command-and-control",
- "score": 6,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1071.001",
- "tactic": "command-and-control",
- "score": 40,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1543.003",
- "tactic": "persistence",
- "score": 45,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1543.003",
- "tactic": "privilege-escalation",
- "score": 45,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1068",
- "tactic": "privilege-escalation",
- "score": 26,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1543",
- "tactic": "persistence",
- "score": 9,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1543",
- "tactic": "privilege-escalation",
- "score": 9,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1599.001",
- "tactic": "defense-evasion",
- "score": 1,
+ "score": 8,
"color": "",
"comment": "",
"enabled": true,
@@ -985,20 +952,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1055.012",
- "tactic": "defense-evasion",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1055.012",
- "tactic": "privilege-escalation",
- "score": 4,
+ "techniqueID": "T1187",
+ "tactic": "credential-access",
+ "score": 6,
"color": "",
"comment": "",
"enabled": true,
@@ -1028,6 +984,149 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1003.003",
+ "tactic": "credential-access",
+ "score": 23,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1047",
+ "tactic": "execution",
+ "score": 47,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1569.002",
+ "tactic": "execution",
+ "score": 42,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1021.002",
+ "tactic": "lateral-movement",
+ "score": 36,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1068",
+ "tactic": "privilege-escalation",
+ "score": 26,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1190",
+ "tactic": "initial-access",
+ "score": 132,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1021.006",
+ "tactic": "lateral-movement",
+ "score": 9,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1210",
+ "tactic": "lateral-movement",
+ "score": 15,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1048.003",
+ "tactic": "exfiltration",
+ "score": 8,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1048",
+ "tactic": "exfiltration",
+ "score": 8,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1558.003",
+ "tactic": "credential-access",
+ "score": 16,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1547.004",
+ "tactic": "persistence",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1547.004",
+ "tactic": "privilege-escalation",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1003.001",
"tactic": "credential-access",
@@ -1040,7 +1139,326 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1003.006",
+ "techniqueID": "T1496",
+ "tactic": "impact",
+ "score": 13,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1095",
+ "tactic": "command-and-control",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1571",
+ "tactic": "command-and-control",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1021.001",
+ "tactic": "lateral-movement",
+ "score": 14,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1595.002",
+ "tactic": "reconnaissance",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1071.004",
+ "tactic": "command-and-control",
+ "score": 14,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1102.002",
+ "tactic": "command-and-control",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1567",
+ "tactic": "exfiltration",
+ "score": 12,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1110",
+ "tactic": "credential-access",
+ "score": 24,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1557",
+ "tactic": "credential-access",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1557",
+ "tactic": "collection",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1098",
+ "tactic": "persistence",
+ "score": 29,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1098",
+ "tactic": "privilege-escalation",
+ "score": 29,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1495",
+ "tactic": "impact",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1565.001",
+ "tactic": "impact",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1505",
+ "tactic": "persistence",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1565.002",
+ "tactic": "impact",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1053",
+ "tactic": "execution",
+ "score": 12,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1053",
+ "tactic": "persistence",
+ "score": 12,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1053",
+ "tactic": "privilege-escalation",
+ "score": 12,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1201",
+ "tactic": "discovery",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1057",
+ "tactic": "discovery",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1033",
+ "tactic": "discovery",
+ "score": 31,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1124",
+ "tactic": "discovery",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1070.004",
+ "tactic": "defense-evasion",
+ "score": 15,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1561.001",
+ "tactic": "impact",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1561.002",
+ "tactic": "impact",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1005",
+ "tactic": "collection",
+ "score": 11,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1553.004",
+ "tactic": "defense-evasion",
+ "score": 10,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1552.004",
"tactic": "credential-access",
"score": 7,
"color": "",
@@ -1051,7 +1469,238 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1554",
+ "techniqueID": "T1070.003",
+ "tactic": "defense-evasion",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1074",
+ "tactic": "collection",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1112",
+ "tactic": "defense-evasion",
+ "score": 85,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1112",
+ "tactic": "persistence",
+ "score": 85,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1087",
+ "tactic": "discovery",
+ "score": 15,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1021.003",
+ "tactic": "lateral-movement",
+ "score": 10,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1090",
+ "tactic": "command-and-control",
+ "score": 22,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1021",
+ "tactic": "lateral-movement",
+ "score": 10,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1003",
+ "tactic": "credential-access",
+ "score": 32,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1213",
+ "tactic": "collection",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1041",
+ "tactic": "exfiltration",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1498",
+ "tactic": "impact",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1123",
+ "tactic": "collection",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1069.003",
+ "tactic": "discovery",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1087.004",
+ "tactic": "discovery",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1552.007",
+ "tactic": "credential-access",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1611",
+ "tactic": "privilege-escalation",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1036.005",
+ "tactic": "defense-evasion",
+ "score": 15,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1552",
+ "tactic": "credential-access",
+ "score": 11,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1070",
+ "tactic": "defense-evasion",
+ "score": 19,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1609",
+ "tactic": "execution",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1136",
"tactic": "persistence",
"score": 3,
"color": "",
@@ -1062,9 +1711,174 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1187",
+ "techniqueID": "T1505.003",
+ "tactic": "persistence",
+ "score": 32,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1221",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1197",
+ "tactic": "defense-evasion",
+ "score": 17,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1197",
+ "tactic": "persistence",
+ "score": 17,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1102.001",
+ "tactic": "command-and-control",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1102.003",
+ "tactic": "command-and-control",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1568",
+ "tactic": "command-and-control",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1567.002",
+ "tactic": "exfiltration",
+ "score": 12,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1584",
+ "tactic": "resource-development",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1056",
+ "tactic": "collection",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1056",
"tactic": "credential-access",
- "score": 6,
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1590",
+ "tactic": "reconnaissance",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1499.004",
+ "tactic": "impact",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1482",
+ "tactic": "discovery",
+ "score": 17,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1572",
+ "tactic": "command-and-control",
+ "score": 24,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1090.003",
+ "tactic": "command-and-control",
+ "score": 3,
"color": "",
"comment": "",
"enabled": true,
@@ -1095,414 +1909,7 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1482",
- "tactic": "discovery",
- "score": 17,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1567.002",
- "tactic": "exfiltration",
- "score": 12,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1056",
- "tactic": "collection",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1056",
- "tactic": "credential-access",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1071.004",
- "tactic": "command-and-control",
- "score": 14,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1210",
- "tactic": "lateral-movement",
- "score": 15,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1590",
- "tactic": "reconnaissance",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1090.003",
- "tactic": "command-and-control",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1055.011",
- "tactic": "defense-evasion",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1055.011",
- "tactic": "privilege-escalation",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1106",
- "tactic": "execution",
- "score": 14,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1548",
- "tactic": "privilege-escalation",
- "score": 20,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1548",
- "tactic": "defense-evasion",
- "score": 20,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1562.002",
- "tactic": "defense-evasion",
- "score": 23,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1548.002",
- "tactic": "privilege-escalation",
- "score": 54,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1548.002",
- "tactic": "defense-evasion",
- "score": 54,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1218.003",
- "tactic": "defense-evasion",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1055.003",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1055.003",
- "tactic": "privilege-escalation",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1059.001",
- "tactic": "execution",
- "score": 216,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1021.006",
- "tactic": "lateral-movement",
- "score": 9,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1055",
- "tactic": "defense-evasion",
- "score": 31,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1055",
- "tactic": "privilege-escalation",
- "score": 31,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1218.011",
- "tactic": "defense-evasion",
- "score": 43,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1555.005",
- "tactic": "credential-access",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1055.001",
- "tactic": "defense-evasion",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1055.001",
- "tactic": "privilege-escalation",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1059.005",
- "tactic": "execution",
- "score": 21,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1218.005",
- "tactic": "defense-evasion",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1127",
- "tactic": "defense-evasion",
- "score": 19,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1047",
- "tactic": "execution",
- "score": 47,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.003",
- "tactic": "privilege-escalation",
- "score": 12,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.003",
- "tactic": "persistence",
- "score": 12,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1006",
- "tactic": "defense-evasion",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1070.001",
- "tactic": "defense-evasion",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1003.003",
- "tactic": "credential-access",
- "score": 23,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1552.006",
- "tactic": "credential-access",
- "score": 6,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1176",
+ "techniqueID": "T1554",
"tactic": "persistence",
"score": 3,
"color": "",
@@ -1512,589 +1919,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1070",
- "tactic": "defense-evasion",
- "score": 19,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1542.003",
- "tactic": "persistence",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1542.003",
- "tactic": "defense-evasion",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1110",
- "tactic": "credential-access",
- "score": 24,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1110.001",
- "tactic": "credential-access",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1216",
- "tactic": "defense-evasion",
- "score": 13,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1090.001",
- "tactic": "command-and-control",
- "score": 6,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1087.002",
- "tactic": "discovery",
- "score": 21,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1069.002",
- "tactic": "discovery",
- "score": 15,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1553.004",
- "tactic": "defense-evasion",
- "score": 10,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1202",
- "tactic": "defense-evasion",
- "score": 37,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1036",
- "tactic": "defense-evasion",
- "score": 41,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1012",
- "tactic": "discovery",
- "score": 13,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574.001",
- "tactic": "persistence",
- "score": 87,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574.001",
- "tactic": "privilege-escalation",
- "score": 87,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574.001",
- "tactic": "defense-evasion",
- "score": 87,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1098",
- "tactic": "persistence",
- "score": 29,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1098",
- "tactic": "privilege-escalation",
- "score": 29,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1197",
- "tactic": "defense-evasion",
- "score": 17,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1197",
- "tactic": "persistence",
- "score": 17,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1021.002",
- "tactic": "lateral-movement",
- "score": 36,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1134.001",
- "tactic": "defense-evasion",
- "score": 9,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1134.001",
- "tactic": "privilege-escalation",
- "score": 9,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1134.002",
- "tactic": "defense-evasion",
- "score": 6,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1134.002",
- "tactic": "privilege-escalation",
- "score": 6,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1562.004",
- "tactic": "defense-evasion",
- "score": 29,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1556.002",
- "tactic": "credential-access",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1556.002",
- "tactic": "defense-evasion",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1556.002",
- "tactic": "persistence",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1190",
- "tactic": "initial-access",
- "score": 134,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1218.013",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1036.005",
- "tactic": "defense-evasion",
- "score": 15,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1072",
- "tactic": "execution",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1072",
- "tactic": "lateral-movement",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1218.008",
- "tactic": "defense-evasion",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1003",
- "tactic": "credential-access",
- "score": 32,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1547",
- "tactic": "persistence",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1547",
- "tactic": "privilege-escalation",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1505.003",
- "tactic": "persistence",
- "score": 32,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1033",
- "tactic": "discovery",
- "score": 31,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1087",
- "tactic": "discovery",
- "score": 15,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1489",
- "tactic": "impact",
- "score": 19,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1112",
- "tactic": "defense-evasion",
- "score": 85,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1112",
- "tactic": "persistence",
- "score": 85,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1562",
- "tactic": "defense-evasion",
- "score": 24,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1486",
- "tactic": "impact",
- "score": 14,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1555",
- "tactic": "credential-access",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1539",
- "tactic": "credential-access",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1555.003",
- "tactic": "credential-access",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1005",
- "tactic": "collection",
- "score": 11,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1134",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1134",
- "tactic": "privilege-escalation",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1564.006",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1564",
"tactic": "defense-evasion",
@@ -2107,9 +1931,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1558.003",
- "tactic": "credential-access",
- "score": 16,
+ "techniqueID": "T1106",
+ "tactic": "execution",
+ "score": 14,
"color": "",
"comment": "",
"enabled": true,
@@ -2118,7 +1942,150 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1218.009",
+ "techniqueID": "T1562.002",
+ "tactic": "defense-evasion",
+ "score": 23,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1059.001",
+ "tactic": "execution",
+ "score": 216,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1548.002",
+ "tactic": "privilege-escalation",
+ "score": 54,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1548.002",
+ "tactic": "defense-evasion",
+ "score": 54,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1055.003",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1055.003",
+ "tactic": "privilege-escalation",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1055.011",
+ "tactic": "defense-evasion",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1055.011",
+ "tactic": "privilege-escalation",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1218.003",
+ "tactic": "defense-evasion",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1548",
+ "tactic": "privilege-escalation",
+ "score": 20,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1548",
+ "tactic": "defense-evasion",
+ "score": 20,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1176.001",
+ "tactic": "persistence",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1615",
+ "tactic": "discovery",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1484.001",
"tactic": "defense-evasion",
"score": 4,
"color": "",
@@ -2128,6 +2095,61 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1484.001",
+ "tactic": "privilege-escalation",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1216",
+ "tactic": "defense-evasion",
+ "score": 13,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1564.001",
+ "tactic": "defense-evasion",
+ "score": 8,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1588.002",
+ "tactic": "resource-development",
+ "score": 9,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1218.011",
+ "tactic": "defense-evasion",
+ "score": 43,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1053.005",
"tactic": "execution",
@@ -2162,7 +2184,40 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1027.004",
+ "techniqueID": "T1218.008",
+ "tactic": "defense-evasion",
+ "score": 8,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1134.001",
+ "tactic": "defense-evasion",
+ "score": 9,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1134.001",
+ "tactic": "privilege-escalation",
+ "score": 9,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1134.002",
"tactic": "defense-evasion",
"score": 6,
"color": "",
@@ -2173,20 +2228,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1037.001",
- "tactic": "persistence",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1037.001",
+ "techniqueID": "T1134.002",
"tactic": "privilege-escalation",
- "score": 3,
+ "score": 6,
"color": "",
"comment": "",
"enabled": true,
@@ -2195,74 +2239,8 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1595",
- "tactic": "reconnaissance",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1059.003",
- "tactic": "execution",
- "score": 35,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1090",
- "tactic": "command-and-control",
- "score": 22,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1526",
- "tactic": "discovery",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1491.001",
- "tactic": "impact",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1552.004",
- "tactic": "credential-access",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1003.005",
- "tactic": "credential-access",
+ "techniqueID": "T1218.005",
+ "tactic": "defense-evasion",
"score": 8,
"color": "",
"comment": "",
@@ -2271,171 +2249,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1567",
- "tactic": "exfiltration",
- "score": 12,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1053",
- "tactic": "execution",
- "score": 12,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1053",
- "tactic": "persistence",
- "score": 12,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1053",
- "tactic": "privilege-escalation",
- "score": 12,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1649",
- "tactic": "credential-access",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1485",
- "tactic": "impact",
- "score": 20,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1216.001",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1564.003",
- "tactic": "defense-evasion",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1608",
- "tactic": "resource-development",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1560",
- "tactic": "collection",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1547.001",
- "tactic": "persistence",
- "score": 37,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1547.001",
- "tactic": "privilege-escalation",
- "score": 37,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1021.005",
- "tactic": "lateral-movement",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1123",
- "tactic": "collection",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1587.001",
- "tactic": "resource-development",
- "score": 11,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1132.001",
"tactic": "command-and-control",
@@ -2447,6 +2260,50 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1036",
+ "tactic": "defense-evasion",
+ "score": 41,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1127",
+ "tactic": "defense-evasion",
+ "score": 19,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1562",
+ "tactic": "defense-evasion",
+ "score": 24,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1216.001",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1102",
"tactic": "command-and-control",
@@ -2459,42 +2316,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1572",
- "tactic": "command-and-control",
- "score": 22,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1218.001",
- "tactic": "defense-evasion",
- "score": 6,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.008",
- "tactic": "privilege-escalation",
- "score": 6,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.008",
+ "techniqueID": "T1543.003",
"tactic": "persistence",
- "score": 6,
+ "score": 45,
"color": "",
"comment": "",
"enabled": true,
@@ -2503,42 +2327,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1021",
- "tactic": "lateral-movement",
- "score": 10,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1027.005",
- "tactic": "defense-evasion",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574.011",
- "tactic": "persistence",
- "score": 11,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574.011",
+ "techniqueID": "T1543.003",
"tactic": "privilege-escalation",
- "score": 11,
+ "score": 45,
"color": "",
"comment": "",
"enabled": true,
@@ -2547,20 +2338,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1574.011",
+ "techniqueID": "T1070.001",
"tactic": "defense-evasion",
- "score": 11,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1048.003",
- "tactic": "exfiltration",
- "score": 8,
+ "score": 7,
"color": "",
"comment": "",
"enabled": true,
@@ -2579,72 +2359,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1593.003",
- "tactic": "reconnaissance",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1070.004",
- "tactic": "defense-evasion",
- "score": 15,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574",
- "tactic": "persistence",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574",
- "tactic": "privilege-escalation",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574",
- "tactic": "defense-evasion",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1590.001",
- "tactic": "reconnaissance",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1218.002",
"tactic": "defense-evasion",
@@ -2679,9 +2393,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1027.003",
- "tactic": "defense-evasion",
- "score": 5,
+ "techniqueID": "T1059.003",
+ "tactic": "execution",
+ "score": 35,
"color": "",
"comment": "",
"enabled": true,
@@ -2690,19 +2404,8 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1135",
- "tactic": "discovery",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1217",
- "tactic": "discovery",
+ "techniqueID": "T1546.007",
+ "tactic": "privilege-escalation",
"score": 4,
"color": "",
"comment": "",
@@ -2712,30 +2415,19 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1528",
+ "techniqueID": "T1546.007",
+ "tactic": "persistence",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1552.006",
"tactic": "credential-access",
- "score": 14,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1104",
- "tactic": "command-and-control",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1587",
- "tactic": "resource-development",
"score": 6,
"color": "",
"comment": "",
@@ -2744,325 +2436,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1053.002",
- "tactic": "execution",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1053.002",
- "tactic": "persistence",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1053.002",
- "tactic": "privilege-escalation",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.001",
- "tactic": "privilege-escalation",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.001",
- "tactic": "persistence",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1048",
- "tactic": "exfiltration",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1570",
- "tactic": "lateral-movement",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1569.002",
- "tactic": "execution",
- "score": 42,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574.005",
- "tactic": "persistence",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574.005",
- "tactic": "privilege-escalation",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574.005",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1550.003",
- "tactic": "defense-evasion",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1550.003",
- "tactic": "lateral-movement",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1564.001",
- "tactic": "defense-evasion",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1021.003",
- "tactic": "lateral-movement",
- "score": 10,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1021.001",
- "tactic": "lateral-movement",
- "score": 14,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1007",
- "tactic": "discovery",
- "score": 11,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1542.001",
- "tactic": "persistence",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1542.001",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1563.002",
- "tactic": "lateral-movement",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1185",
- "tactic": "collection",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.002",
- "tactic": "privilege-escalation",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.002",
- "tactic": "persistence",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1615",
- "tactic": "discovery",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1496",
- "tactic": "impact",
- "score": 13,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1588.002",
- "tactic": "resource-development",
- "score": 9,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.015",
- "tactic": "privilege-escalation",
- "score": 9,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.015",
- "tactic": "persistence",
- "score": 9,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1562.006",
- "tactic": "defense-evasion",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1562.010",
"tactic": "defense-evasion",
@@ -3075,7 +2448,172 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1222.001",
+ "techniqueID": "T1090.001",
+ "tactic": "command-and-control",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1202",
+ "tactic": "defense-evasion",
+ "score": 37,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1059.005",
+ "tactic": "execution",
+ "score": 21,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1562.004",
+ "tactic": "defense-evasion",
+ "score": 29,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1087.002",
+ "tactic": "discovery",
+ "score": 21,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1546.008",
+ "tactic": "privilege-escalation",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1546.008",
+ "tactic": "persistence",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1220",
+ "tactic": "defense-evasion",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1012",
+ "tactic": "discovery",
+ "score": 13,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1007",
+ "tactic": "discovery",
+ "score": 11,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1552.002",
+ "tactic": "credential-access",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1055.001",
+ "tactic": "defense-evasion",
+ "score": 8,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1055.001",
+ "tactic": "privilege-escalation",
+ "score": 8,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1563.002",
+ "tactic": "lateral-movement",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1587.001",
+ "tactic": "resource-development",
+ "score": 11,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1218.009",
"tactic": "defense-evasion",
"score": 4,
"color": "",
@@ -3097,7 +2635,40 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1124",
+ "techniqueID": "T1546.011",
+ "tactic": "privilege-escalation",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1546.011",
+ "tactic": "persistence",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1485",
+ "tactic": "impact",
+ "score": 20,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1526",
"tactic": "discovery",
"score": 3,
"color": "",
@@ -3107,6 +2678,457 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1518",
+ "tactic": "discovery",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1555",
+ "tactic": "credential-access",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1555.003",
+ "tactic": "credential-access",
+ "score": 8,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1037.001",
+ "tactic": "persistence",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1037.001",
+ "tactic": "privilege-escalation",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1649",
+ "tactic": "credential-access",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1069.002",
+ "tactic": "discovery",
+ "score": 15,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1074.001",
+ "tactic": "collection",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574",
+ "tactic": "persistence",
+ "score": 8,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574",
+ "tactic": "privilege-escalation",
+ "score": 8,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574",
+ "tactic": "defense-evasion",
+ "score": 8,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574.011",
+ "tactic": "persistence",
+ "score": 11,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574.011",
+ "tactic": "privilege-escalation",
+ "score": 11,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574.011",
+ "tactic": "defense-evasion",
+ "score": 11,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1027.005",
+ "tactic": "defense-evasion",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1555.004",
+ "tactic": "credential-access",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1218.013",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1027.009",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1135",
+ "tactic": "discovery",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1222.001",
+ "tactic": "defense-evasion",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1546.003",
+ "tactic": "privilege-escalation",
+ "score": 12,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1546.003",
+ "tactic": "persistence",
+ "score": 12,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1217",
+ "tactic": "discovery",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1185",
+ "tactic": "collection",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574.001",
+ "tactic": "persistence",
+ "score": 88,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574.001",
+ "tactic": "privilege-escalation",
+ "score": 88,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574.001",
+ "tactic": "defense-evasion",
+ "score": 88,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1486",
+ "tactic": "impact",
+ "score": 14,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574.005",
+ "tactic": "persistence",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574.005",
+ "tactic": "privilege-escalation",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574.005",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1114",
+ "tactic": "collection",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1528",
+ "tactic": "credential-access",
+ "score": 14,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1547",
+ "tactic": "persistence",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1547",
+ "tactic": "privilege-escalation",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1134.003",
+ "tactic": "defense-evasion",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1134.003",
+ "tactic": "privilege-escalation",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1055",
+ "tactic": "defense-evasion",
+ "score": 31,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1055",
+ "tactic": "privilege-escalation",
+ "score": 31,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1543",
+ "tactic": "persistence",
+ "score": 9,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1543",
+ "tactic": "privilege-escalation",
+ "score": 9,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1614.001",
"tactic": "discovery",
@@ -3118,6 +3140,578 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1539",
+ "tactic": "credential-access",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1134.004",
+ "tactic": "defense-evasion",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1134.004",
+ "tactic": "privilege-escalation",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1564.003",
+ "tactic": "defense-evasion",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1027.004",
+ "tactic": "defense-evasion",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1110.001",
+ "tactic": "credential-access",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1560",
+ "tactic": "collection",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1590.001",
+ "tactic": "reconnaissance",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1021.004",
+ "tactic": "lateral-movement",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1587",
+ "tactic": "resource-development",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1003.005",
+ "tactic": "credential-access",
+ "score": 8,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1546.002",
+ "tactic": "privilege-escalation",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1546.002",
+ "tactic": "persistence",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1218.001",
+ "tactic": "defense-evasion",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1562.006",
+ "tactic": "defense-evasion",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1505.004",
+ "tactic": "persistence",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1027.010",
+ "tactic": "defense-evasion",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1546.015",
+ "tactic": "privilege-escalation",
+ "score": 9,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1546.015",
+ "tactic": "persistence",
+ "score": 9,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1072",
+ "tactic": "execution",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1072",
+ "tactic": "lateral-movement",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1608",
+ "tactic": "resource-development",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1489",
+ "tactic": "impact",
+ "score": 19,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1039",
+ "tactic": "collection",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1021.005",
+ "tactic": "lateral-movement",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1055.012",
+ "tactic": "defense-evasion",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1055.012",
+ "tactic": "privilege-escalation",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1059.006",
+ "tactic": "execution",
+ "score": 8,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1564.006",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574.008",
+ "tactic": "persistence",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574.008",
+ "tactic": "privilege-escalation",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574.008",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1569",
+ "tactic": "execution",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1570",
+ "tactic": "lateral-movement",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1542.003",
+ "tactic": "persistence",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1542.003",
+ "tactic": "defense-evasion",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1036.002",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1556.002",
+ "tactic": "credential-access",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1556.002",
+ "tactic": "defense-evasion",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1556.002",
+ "tactic": "persistence",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1546.001",
+ "tactic": "privilege-escalation",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1546.001",
+ "tactic": "persistence",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1505.002",
+ "tactic": "persistence",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1120",
+ "tactic": "discovery",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1547.001",
+ "tactic": "persistence",
+ "score": 37,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1547.001",
+ "tactic": "privilege-escalation",
+ "score": 37,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1048.001",
+ "tactic": "exfiltration",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1134",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1134",
+ "tactic": "privilege-escalation",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1620",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1622",
+ "tactic": "defense-evasion",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1622",
+ "tactic": "discovery",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1505.005",
"tactic": "persistence",
@@ -3162,28 +3756,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1546.007",
- "tactic": "privilege-escalation",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.007",
- "tactic": "persistence",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1547.014",
"tactic": "persistence",
@@ -3251,9 +3823,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1557",
+ "techniqueID": "T1110.002",
"tactic": "credential-access",
- "score": 5,
+ "score": 1,
"color": "",
"comment": "",
"enabled": true,
@@ -3262,63 +3834,8 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1557",
- "tactic": "collection",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1518",
- "tactic": "discovery",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1027.009",
+ "techniqueID": "T1211",
"tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1074.001",
- "tactic": "collection",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1484.001",
- "tactic": "defense-evasion",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1484.001",
- "tactic": "privilege-escalation",
"score": 4,
"color": "",
"comment": "",
@@ -3339,8 +3856,30 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1057",
- "tactic": "discovery",
+ "techniqueID": "T1593.003",
+ "tactic": "reconnaissance",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1491.001",
+ "tactic": "impact",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1003.006",
+ "tactic": "credential-access",
"score": 7,
"color": "",
"comment": "",
@@ -3349,270 +3888,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1048.001",
- "tactic": "exfiltration",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1201",
- "tactic": "discovery",
- "score": 6,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1622",
- "tactic": "defense-evasion",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1622",
- "tactic": "discovery",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1134.004",
- "tactic": "defense-evasion",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1134.004",
- "tactic": "privilege-escalation",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1620",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1552",
- "tactic": "credential-access",
- "score": 11,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1114",
- "tactic": "collection",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1220",
- "tactic": "defense-evasion",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1505.002",
- "tactic": "persistence",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1552.002",
- "tactic": "credential-access",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1555.004",
- "tactic": "credential-access",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1027.010",
- "tactic": "defense-evasion",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1059.006",
- "tactic": "execution",
- "score": 8,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574.008",
- "tactic": "persistence",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574.008",
- "tactic": "privilege-escalation",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574.008",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1069",
- "tactic": "discovery",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1134.003",
- "tactic": "defense-evasion",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1134.003",
- "tactic": "privilege-escalation",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1021.004",
- "tactic": "lateral-movement",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1095",
- "tactic": "command-and-control",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1120",
- "tactic": "discovery",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1036.007",
"tactic": "defense-evasion",
@@ -3624,72 +3899,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1070.005",
- "tactic": "defense-evasion",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1036.002",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1110.002",
- "tactic": "credential-access",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1569",
- "tactic": "execution",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1505.004",
- "tactic": "persistence",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1211",
- "tactic": "defense-evasion",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1212",
"tactic": "credential-access",
@@ -3702,9 +3911,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1546.011",
- "tactic": "privilege-escalation",
- "score": 6,
+ "techniqueID": "T1069",
+ "tactic": "discovery",
+ "score": 3,
"color": "",
"comment": "",
"enabled": true,
@@ -3713,9 +3922,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1546.011",
- "tactic": "persistence",
- "score": 6,
+ "techniqueID": "T1550.003",
+ "tactic": "defense-evasion",
+ "score": 4,
"color": "",
"comment": "",
"enabled": true,
@@ -3724,8 +3933,19 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1039",
- "tactic": "collection",
+ "techniqueID": "T1550.003",
+ "tactic": "lateral-movement",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1595",
+ "tactic": "reconnaissance",
"score": 2,
"color": "",
"comment": "",
@@ -3735,7 +3955,62 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1027.002",
+ "techniqueID": "T1104",
+ "tactic": "command-and-control",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1070.005",
+ "tactic": "defense-evasion",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1542.001",
+ "tactic": "persistence",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1542.001",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1027.003",
+ "tactic": "defense-evasion",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1006",
"tactic": "defense-evasion",
"score": 1,
"color": "",
@@ -3757,9 +4032,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1571",
- "tactic": "command-and-control",
- "score": 5,
+ "techniqueID": "T1567.001",
+ "tactic": "exfiltration",
+ "score": 1,
"color": "",
"comment": "",
"enabled": true,
@@ -3778,17 +4053,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1102.001",
- "tactic": "command-and-control",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1127.001",
"tactic": "defense-evasion",
@@ -3800,28 +4064,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1567.001",
- "tactic": "exfiltration",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1041",
- "tactic": "exfiltration",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1090.002",
"tactic": "command-and-control",
@@ -3834,8 +4076,8 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1590.002",
- "tactic": "reconnaissance",
+ "techniqueID": "T1027.002",
+ "tactic": "defense-evasion",
"score": 1,
"color": "",
"comment": "",
@@ -3845,8 +4087,30 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1200",
- "tactic": "initial-access",
+ "techniqueID": "T1555.005",
+ "tactic": "credential-access",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1599.001",
+ "tactic": "defense-evasion",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1546.013",
+ "tactic": "privilege-escalation",
"score": 3,
"color": "",
"comment": "",
@@ -3856,9 +4120,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1550.002",
- "tactic": "defense-evasion",
- "score": 6,
+ "techniqueID": "T1546.013",
+ "tactic": "persistence",
+ "score": 3,
"color": "",
"comment": "",
"enabled": true,
@@ -3867,9 +4131,9 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1550.002",
- "tactic": "lateral-movement",
- "score": 6,
+ "techniqueID": "T1547.015",
+ "tactic": "persistence",
+ "score": 1,
"color": "",
"comment": "",
"enabled": true,
@@ -3878,8 +4142,8 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1010",
- "tactic": "discovery",
+ "techniqueID": "T1547.015",
+ "tactic": "privilege-escalation",
"score": 1,
"color": "",
"comment": "",
@@ -3899,28 +4163,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1207",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1553.002",
- "tactic": "defense-evasion",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1547.009",
"tactic": "persistence",
@@ -3943,457 +4185,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1091",
- "tactic": "lateral-movement",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1091",
- "tactic": "initial-access",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1556",
- "tactic": "credential-access",
- "score": 13,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1556",
- "tactic": "defense-evasion",
- "score": 13,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1556",
- "tactic": "persistence",
- "score": 13,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1001.003",
- "tactic": "command-and-control",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1134.005",
- "tactic": "defense-evasion",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1134.005",
- "tactic": "privilege-escalation",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1557.003",
- "tactic": "credential-access",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1557.003",
- "tactic": "collection",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1531",
- "tactic": "impact",
- "score": 9,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1584",
- "tactic": "resource-development",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1499.001",
- "tactic": "impact",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1499.004",
- "tactic": "impact",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1588",
- "tactic": "resource-development",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1078.002",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1078.002",
- "tactic": "persistence",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1078.002",
- "tactic": "privilege-escalation",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1078.002",
- "tactic": "initial-access",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1550",
- "tactic": "defense-evasion",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1550",
- "tactic": "lateral-movement",
- "score": 5,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1070.003",
- "tactic": "defense-evasion",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1137.006",
- "tactic": "persistence",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574.012",
- "tactic": "persistence",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574.012",
- "tactic": "privilege-escalation",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1574.012",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1056.001",
- "tactic": "collection",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1056.001",
- "tactic": "credential-access",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1547.004",
- "tactic": "persistence",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1547.004",
- "tactic": "privilege-escalation",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1020",
- "tactic": "exfiltration",
- "score": 9,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1589.002",
- "tactic": "reconnaissance",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1114.001",
- "tactic": "collection",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.013",
- "tactic": "privilege-escalation",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.013",
- "tactic": "persistence",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1553.005",
- "tactic": "defense-evasion",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1222",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1565",
- "tactic": "impact",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1573",
- "tactic": "command-and-control",
- "score": 6,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1547.015",
- "tactic": "persistence",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1547.015",
- "tactic": "privilege-escalation",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1137",
"tactic": "persistence",
@@ -4438,6 +4229,28 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1001.003",
+ "tactic": "command-and-control",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1137.006",
+ "tactic": "persistence",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1137.003",
"tactic": "persistence",
@@ -4449,6 +4262,314 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1200",
+ "tactic": "initial-access",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1590.002",
+ "tactic": "reconnaissance",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1550.002",
+ "tactic": "defense-evasion",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1550.002",
+ "tactic": "lateral-movement",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1207",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1553.002",
+ "tactic": "defense-evasion",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1531",
+ "tactic": "impact",
+ "score": 9,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1010",
+ "tactic": "discovery",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1556",
+ "tactic": "credential-access",
+ "score": 12,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1556",
+ "tactic": "defense-evasion",
+ "score": 12,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1556",
+ "tactic": "persistence",
+ "score": 12,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1557.003",
+ "tactic": "credential-access",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1557.003",
+ "tactic": "collection",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1091",
+ "tactic": "lateral-movement",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1091",
+ "tactic": "initial-access",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1134.005",
+ "tactic": "defense-evasion",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1134.005",
+ "tactic": "privilege-escalation",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1550",
+ "tactic": "defense-evasion",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1550",
+ "tactic": "lateral-movement",
+ "score": 5,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078.002",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078.002",
+ "tactic": "persistence",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078.002",
+ "tactic": "privilege-escalation",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1078.002",
+ "tactic": "initial-access",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1588",
+ "tactic": "resource-development",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1499.001",
+ "tactic": "impact",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574.012",
+ "tactic": "persistence",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574.012",
+ "tactic": "privilege-escalation",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1574.012",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1546.009",
"tactic": "privilege-escalation",
@@ -4471,6 +4592,72 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1546.012",
+ "tactic": "privilege-escalation",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1546.012",
+ "tactic": "persistence",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1559.002",
+ "tactic": "execution",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1547.003",
+ "tactic": "persistence",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1547.003",
+ "tactic": "privilege-escalation",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1553.003",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1547.008",
"tactic": "persistence",
@@ -4494,8 +4681,8 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1547.005",
- "tactic": "persistence",
+ "techniqueID": "T1546.010",
+ "tactic": "privilege-escalation",
"score": 1,
"color": "",
"comment": "",
@@ -4505,8 +4692,8 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1547.005",
- "tactic": "privilege-escalation",
+ "techniqueID": "T1546.010",
+ "tactic": "persistence",
"score": 1,
"color": "",
"comment": "",
@@ -4527,18 +4714,7 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1546.010",
- "tactic": "privilege-escalation",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.010",
+ "techniqueID": "T1547.005",
"tactic": "persistence",
"score": 1,
"color": "",
@@ -4549,18 +4725,7 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1547.003",
- "tactic": "persistence",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1547.003",
+ "techniqueID": "T1547.005",
"tactic": "privilege-escalation",
"score": 1,
"color": "",
@@ -4571,41 +4736,151 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1559.002",
- "tactic": "execution",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.012",
- "tactic": "privilege-escalation",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.012",
- "tactic": "persistence",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1553.003",
+ "techniqueID": "T1553.005",
"tactic": "defense-evasion",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1573",
+ "tactic": "command-and-control",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1056.001",
+ "tactic": "collection",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1056.001",
+ "tactic": "credential-access",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1589.002",
+ "tactic": "reconnaissance",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1222",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1114.001",
+ "tactic": "collection",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1565",
+ "tactic": "impact",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1020",
+ "tactic": "exfiltration",
+ "score": 9,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1547.006",
+ "tactic": "persistence",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1547.006",
+ "tactic": "privilege-escalation",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1222.002",
+ "tactic": "defense-evasion",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1543.002",
+ "tactic": "persistence",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1543.002",
+ "tactic": "privilege-escalation",
"score": 2,
"color": "",
"comment": "",
@@ -4625,6 +4900,28 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1546.004",
+ "tactic": "privilege-escalation",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1546.004",
+ "tactic": "persistence",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1055.009",
"tactic": "defense-evasion",
@@ -4647,17 +4944,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1222.002",
- "tactic": "defense-evasion",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1574.006",
"tactic": "persistence",
@@ -4691,50 +4977,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1543.002",
- "tactic": "persistence",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1543.002",
- "tactic": "privilege-escalation",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1547.006",
- "tactic": "persistence",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1547.006",
- "tactic": "privilege-escalation",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1499",
"tactic": "impact",
@@ -4746,50 +4988,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1546.004",
- "tactic": "privilege-escalation",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1546.004",
- "tactic": "persistence",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1565.001",
- "tactic": "impact",
- "score": 6,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1059.012",
- "tactic": "execution",
- "score": 9,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1548.001",
"tactic": "privilege-escalation",
@@ -4812,50 +5010,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1592.004",
- "tactic": "reconnaissance",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1014",
- "tactic": "defense-evasion",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1548.003",
- "tactic": "privilege-escalation",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1548.003",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1562.003",
"tactic": "defense-evasion",
@@ -4868,8 +5022,19 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1136",
- "tactic": "persistence",
+ "techniqueID": "T1059.012",
+ "tactic": "execution",
+ "score": 9,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1592.004",
+ "tactic": "reconnaissance",
"score": 3,
"color": "",
"comment": "",
@@ -4878,6 +5043,39 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1548.003",
+ "tactic": "privilege-escalation",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1548.003",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1014",
+ "tactic": "defense-evasion",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1588.001",
"tactic": "resource-development",
@@ -4900,83 +5098,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1102.003",
- "tactic": "command-and-control",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1568",
- "tactic": "command-and-control",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1102.002",
- "tactic": "command-and-control",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1221",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1505.001",
- "tactic": "persistence",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1098.003",
- "tactic": "persistence",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1098.003",
- "tactic": "privilege-escalation",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1098.001",
"tactic": "persistence",
@@ -5002,7 +5123,7 @@
{
"techniqueID": "T1556.006",
"tactic": "credential-access",
- "score": 2,
+ "score": 3,
"color": "",
"comment": "",
"enabled": true,
@@ -5013,7 +5134,7 @@
{
"techniqueID": "T1556.006",
"tactic": "defense-evasion",
- "score": 2,
+ "score": 3,
"color": "",
"comment": "",
"enabled": true,
@@ -5024,18 +5145,7 @@
{
"techniqueID": "T1556.006",
"tactic": "persistence",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1586.003",
- "tactic": "resource-development",
- "score": 1,
+ "score": 3,
"color": "",
"comment": "",
"enabled": true,
@@ -5087,6 +5197,50 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1098.003",
+ "tactic": "persistence",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1098.003",
+ "tactic": "privilege-escalation",
+ "score": 7,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1586.003",
+ "tactic": "resource-development",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1537",
+ "tactic": "exfiltration",
+ "score": 6,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1213.003",
"tactic": "collection",
@@ -5101,161 +5255,7 @@
{
"techniqueID": "T1136.003",
"tactic": "persistence",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1537",
- "tactic": "exfiltration",
- "score": 6,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1606",
- "tactic": "credential-access",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1484",
- "tactic": "defense-evasion",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1484",
- "tactic": "privilege-escalation",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1098.005",
- "tactic": "persistence",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1098.005",
- "tactic": "privilege-escalation",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1087.004",
- "tactic": "discovery",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1621",
- "tactic": "credential-access",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1578",
- "tactic": "defense-evasion",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1562.007",
- "tactic": "defense-evasion",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1552.007",
- "tactic": "credential-access",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1578.003",
- "tactic": "defense-evasion",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1213",
- "tactic": "collection",
- "score": 7,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1591.004",
- "tactic": "reconnaissance",
- "score": 2,
+ "score": 3,
"color": "",
"comment": "",
"enabled": true,
@@ -5275,8 +5275,8 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1074",
- "tactic": "collection",
+ "techniqueID": "T1591.004",
+ "tactic": "reconnaissance",
"score": 2,
"color": "",
"comment": "",
@@ -5285,6 +5285,28 @@
"links": [],
"showSubtechniques": false
},
+ {
+ "techniqueID": "T1484.002",
+ "tactic": "defense-evasion",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1484.002",
+ "tactic": "privilege-escalation",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
{
"techniqueID": "T1199",
"tactic": "initial-access",
@@ -5297,8 +5319,63 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1580",
- "tactic": "discovery",
+ "techniqueID": "T1562.007",
+ "tactic": "defense-evasion",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1562.008",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1550.001",
+ "tactic": "defense-evasion",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1550.001",
+ "tactic": "lateral-movement",
+ "score": 4,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1059.009",
+ "tactic": "execution",
+ "score": 3,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1021.007",
+ "tactic": "lateral-movement",
"score": 1,
"color": "",
"comment": "",
@@ -5319,62 +5396,7 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1059.009",
- "tactic": "execution",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1550.001",
- "tactic": "defense-evasion",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1550.001",
- "tactic": "lateral-movement",
- "score": 4,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1021.007",
- "tactic": "lateral-movement",
- "score": 1,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1498",
- "tactic": "impact",
- "score": 3,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1069.003",
+ "techniqueID": "T1580",
"tactic": "discovery",
"score": 1,
"color": "",
@@ -5385,30 +5407,8 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1611",
- "tactic": "privilege-escalation",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1609",
- "tactic": "execution",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
- {
- "techniqueID": "T1595.002",
- "tactic": "reconnaissance",
+ "techniqueID": "T1619",
+ "tactic": "discovery",
"score": 1,
"color": "",
"comment": "",
@@ -5418,7 +5418,51 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1505",
+ "techniqueID": "T1606",
+ "tactic": "credential-access",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1114.003",
+ "tactic": "collection",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1484",
+ "tactic": "defense-evasion",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1484",
+ "tactic": "privilege-escalation",
+ "score": 1,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1098.005",
"tactic": "persistence",
"score": 1,
"color": "",
@@ -5429,8 +5473,8 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1565.002",
- "tactic": "impact",
+ "techniqueID": "T1098.005",
+ "tactic": "privilege-escalation",
"score": 1,
"color": "",
"comment": "",
@@ -5440,8 +5484,19 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1561.001",
- "tactic": "impact",
+ "techniqueID": "T1621",
+ "tactic": "credential-access",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1578.003",
+ "tactic": "defense-evasion",
"score": 1,
"color": "",
"comment": "",
@@ -5451,8 +5506,8 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1561.002",
- "tactic": "impact",
+ "techniqueID": "T1578",
+ "tactic": "defense-evasion",
"score": 1,
"color": "",
"comment": "",
@@ -5462,8 +5517,30 @@
"showSubtechniques": false
},
{
- "techniqueID": "T1495",
- "tactic": "impact",
+ "techniqueID": "T1505.001",
+ "tactic": "persistence",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1036.004",
+ "tactic": "defense-evasion",
+ "score": 2,
+ "color": "",
+ "comment": "",
+ "enabled": true,
+ "metadata": [],
+ "links": [],
+ "showSubtechniques": false
+ },
+ {
+ "techniqueID": "T1176",
+ "tactic": "persistence",
"score": 1,
"color": "",
"comment": "",
@@ -5483,17 +5560,6 @@
"links": [],
"showSubtechniques": false
},
- {
- "techniqueID": "T1036.004",
- "tactic": "defense-evasion",
- "score": 2,
- "color": "",
- "comment": "",
- "enabled": true,
- "metadata": [],
- "links": [],
- "showSubtechniques": false
- },
{
"techniqueID": "T1559",
"tactic": "execution",
diff --git a/other/sigma_attack_nav_coverage.svg b/other/sigma_attack_nav_coverage.svg
index e7a631c0f..aae1029dd 100644
--- a/other/sigma_attack_nav_coverage.svg
+++ b/other/sigma_attack_nav_coverage.svg
@@ -1,2 +1,2 @@
-
\ No newline at end of file
+
\ No newline at end of file