From 12d87e769050feb8ac5894722835b1f37985a3af Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 22 Sep 2025 11:42:05 +0200
Subject: [PATCH] Merge PR #5636 from @phantinuss - Update ATT&CK Heatmap Coverage
* chore: update ATT&CK heatmap
* chore: update heatmap SVG
* chore: tweak output for attack map svg
---------
Co-authored-by: phantinuss
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
---
 .github/workflows/update-heatmap.yml | 2 +-
 other/sigma_attack_nav_coverage.json | 7890 +++++++++++++-------------
 other/sigma_attack_nav_coverage.svg | 2 +-
 3 files changed, 3980 insertions(+), 3914 deletions(-)
diff --git a/.github/workflows/update-heatmap.yml b/.github/workflows/update-heatmap.yml
index 8736c8072..89dac0a02 100644
--- a/.github/workflows/update-heatmap.yml
+++ b/.github/workflows/update-heatmap.yml
@@ -18,7 +18,7 @@ jobs:
 run: pipx install sigma-cli
 - name: Update Heatmap
- run: sigma analyze attack count ./other/sigma_attack_nav_coverage.json rule*
+ run: sigma analyze attack count --min-score 0 --max-score 20 --min-color '#66b1ffff' --max-color '#ff66f4ff' ./other/sigma_attack_nav_coverage.json rule*
 - name: Create Pull Request
 uses: peter-evans/create-pull-request@v5
diff --git a/other/sigma_attack_nav_coverage.json b/other/sigma_attack_nav_coverage.json
index 069d6bf80..fc35ed8ec 100644
--- a/other/sigma_attack_nav_coverage.json
+++ b/other/sigma_attack_nav_coverage.json
@@ -9,11 +9,11 @@ "description": "Sigma coverage heatmap generated by Sigma CLI with score function count", "gradient": { "colors": [ - "#ffffff00", - "#ff0000" + "#66b1ffff", + "#ff66f4ff" ], "minValue": 0, - "maxValue": 1352 + "maxValue": 40 }, "techniques": [ { 
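Review bot: The new `Update Heatmap` command in `.github/workflows/update-heatmap.yml` passes `--max-score 20`, yet the `gradient` block this same patch commits to `other/sigma_attack_nav_coverage.json` carries `"maxValue": 40`. If `--max-score` is what sets `gradient.maxValue`, the checked-in layer was not produced by this command line and the next workflow run will rewrite it. Either ceiling is far below rule counts in the layer such as 132 for T1190 and 109 for T1562.001, so the best-covered techniques would all render at the maximum colour and become indistinguishable when reading detection coverage. If that clamp is intended, a comment above the step such as `# scores above --max-score are clamped to --max-color on purpose` would record it. The step also runs whichever release the context line `pipx install sigma-cli` resolves to, so pinning it (`pipx install sigma-cli==<PINNED_VERSION>`) would keep the new flags' behaviour and the generated layer reproducible.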
@@ -61,9 +61,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078", - "tactic": "defense-evasion", - "score": 60, + "techniqueID": "T1518.001", + "tactic": "discovery", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -72,9 +72,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078", - "tactic": "persistence", - "score": 60, + "techniqueID": "T1059", + "tactic": "execution", + "score": 91, "color": "", "comment": "", "enabled": true, @@ -83,64 +83,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078", - "tactic": "privilege-escalation", - "score": 60, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078", - "tactic": "initial-access", - "score": 60, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.001", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.001", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.001", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.001", - "tactic": "initial-access", - "score": 3, + "techniqueID": "T1204", + "tactic": "execution", + "score": 10, "color": "", "comment": "", "enabled": true, 
@@ -151,6 +96,402 @@ { "techniqueID": "T1140", "tactic": "defense-evasion", + "score": 18, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.001", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.001", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.004", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.004", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1566", + "tactic": "initial-access", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1566.002", + "tactic": "initial-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.002", + "tactic": "execution", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1204.001", + "tactic": "execution", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.003", + 
"tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.003", + "tactic": "persistence", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.003", + "tactic": "privilege-escalation", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.003", + "tactic": "initial-access", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1136.001", + "tactic": "persistence", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1490", + "tactic": "impact", + "score": 26, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1083", + "tactic": "discovery", + "score": 21, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1569.001", + "tactic": "execution", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1082", + "tactic": "discovery", + "score": 33, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078", + "tactic": "defense-evasion", + "score": 60, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078", + "tactic": "persistence", + "score": 60, + "color": "", + "comment": "", + 
"enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078", + "tactic": "privilege-escalation", + "score": 60, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078", + "tactic": "initial-access", + "score": 60, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.001", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.001", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.001", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.001", + "tactic": "initial-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1113", + "tactic": "collection", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1049", + "tactic": "discovery", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.002", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1219.002", + "tactic": "command-and-control", + "score": 44, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + 
"links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.003", + "tactic": "execution", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.003", + "tactic": "persistence", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.003", + "tactic": "privilege-escalation", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056.002", + "tactic": "collection", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056.002", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.007", + "tactic": "execution", "score": 19, "color": "", "comment": "", 
@@ -159,6 +500,138 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1071", + "tactic": "command-and-control", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1071.001", + "tactic": "command-and-control", + "score": 40, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.006", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.002", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1087.001", + "tactic": "discovery", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1497.001", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1497.001", + "tactic": "discovery", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1069.001", + "tactic": "discovery", + "score": 16, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1030", + "tactic": "exfiltration", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1018", + "tactic": "discovery", + "score": 16, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": 
false + }, + { + "techniqueID": "T1027", + "tactic": "defense-evasion", + "score": 92, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.003", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1529", "tactic": "impact", @@ -170,6 +643,28 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1036.003", + "tactic": "defense-evasion", + "score": 26, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.006", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1218", "tactic": "defense-evasion", @@ -215,31 +710,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1018", - "tactic": "discovery", - "score": 16, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1087.001", - "tactic": "discovery", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1490", - "tactic": "impact", - "score": 25, + "techniqueID": "T1562.001", + "tactic": "defense-evasion", + "score": 109, "color": "", "comment": "", "enabled": true, 
@@ -269,193 +742,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1082", - "tactic": "discovery", - "score": 33, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1497.001", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1497.001", - "tactic": "discovery", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.006", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.002", - "tactic": "collection", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.002", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1219.002", - "tactic": "command-and-control", - "score": 44, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.003", - "tactic": "defense-evasion", - "score": 26, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.003", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.003", - "tactic": "persistence", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - 
"showSubtechniques": false - }, - { - "techniqueID": "T1078.003", - "tactic": "privilege-escalation", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.003", - "tactic": "initial-access", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.006", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1040", - "tactic": "credential-access", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1040", - "tactic": "discovery", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1049", - "tactic": "discovery", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1518.001", - "tactic": "discovery", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1189", "tactic": "initial-access", @@ -479,9 +765,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1059", - "tactic": "execution", - "score": 91, + "techniqueID": "T1133", + "tactic": "persistence", + "score": 15, "color": "", "comment": "", "enabled": true, @@ -490,9 +776,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1564.002", - "tactic": "defense-evasion", - "score": 4, + "techniqueID": "T1133", + "tactic": "initial-access", + "score": 15, "color": "", "comment": "", "enabled": true, 
@@ -501,31 +787,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1552.003", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.002", - "tactic": "execution", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1069.001", + "techniqueID": "T1046", "tactic": "discovery", - "score": 16, + "score": 14, "color": "", "comment": "", "enabled": true, @@ -534,20 +798,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1555.001", - "tactic": "credential-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.001", - "tactic": "defense-evasion", - "score": 3, + "techniqueID": "T1016", + "tactic": "discovery", + "score": 12, "color": "", "comment": "", "enabled": true, @@ -578,9 +831,31 @@ "showSubtechniques": false }, { - "techniqueID": "T1083", + "techniqueID": "T1027.001", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1040", + "tactic": "credential-access", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1040", "tactic": "discovery", - "score": 21, + "score": 9, "color": "", "comment": "", "enabled": true, 
@@ -589,195 +864,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1113", - "tactic": "collection", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.001", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.001", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.004", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.004", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1115", - "tactic": "collection", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1016", - "tactic": "discovery", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1136.001", - "tactic": "persistence", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.002", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027", - "tactic": "defense-evasion", - "score": 92, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - 
"techniqueID": "T1566", - "tactic": "initial-access", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1566.002", - "tactic": "initial-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1204", - "tactic": "execution", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1204.001", - "tactic": "execution", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.007", - "tactic": "execution", - "score": 19, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.001", - "tactic": "defense-evasion", - "score": 111, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1569.001", - "tactic": "execution", + "techniqueID": "T1555.001", + "tactic": "credential-access", "score": 1, "color": "", "comment": "", 
@@ -786,28 +874,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1133", - "tactic": "persistence", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1133", - "tactic": "initial-access", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1553.001", "tactic": "defense-evasion", @@ -820,9 +886,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1046", - "tactic": "discovery", - "score": 14, + "techniqueID": "T1115", + "tactic": "collection", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -831,20 +897,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1030", - "tactic": "exfiltration", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.003", + "techniqueID": "T1053.002", "tactic": "execution", - "score": 7, + "score": 8, "color": "", "comment": "", "enabled": true, @@ -853,9 +908,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1053.003", + "techniqueID": "T1053.002", "tactic": "persistence", - "score": 7, + "score": 8, "color": "", "comment": "", "enabled": true, 
@@ -864,97 +919,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1053.003", + "techniqueID": "T1053.002", "tactic": "privilege-escalation", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1071", - "tactic": "command-and-control", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1071.001", - "tactic": "command-and-control", - "score": 40, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.003", - "tactic": "persistence", - "score": 45, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.003", - "tactic": "privilege-escalation", - "score": 45, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1068", - "tactic": "privilege-escalation", - "score": 26, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543", - "tactic": "persistence", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543", - "tactic": "privilege-escalation", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1599.001", - "tactic": "defense-evasion", - "score": 1, + "score": 8, "color": "", "comment": "", "enabled": true, 
@@ -985,20 +952,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1055.012", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.012", - "tactic": "privilege-escalation", - "score": 4, + "techniqueID": "T1187", + "tactic": "credential-access", + "score": 6, "color": "", "comment": "", "enabled": true, 
@@ -1028,6 +984,149 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1003.003", + "tactic": "credential-access", + "score": 23, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1047", + "tactic": "execution", + "score": 47, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1569.002", + "tactic": "execution", + "score": 42, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.002", + "tactic": "lateral-movement", + "score": 36, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1068", + "tactic": "privilege-escalation", + "score": 26, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1190", + "tactic": "initial-access", + "score": 132, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.006", + "tactic": "lateral-movement", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1210", + "tactic": "lateral-movement", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1048.003", + "tactic": "exfiltration", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1048", + "tactic": "exfiltration", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + 
"showSubtechniques": false + }, + { + "techniqueID": "T1558.003", + "tactic": "credential-access", + "score": 16, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.004", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.004", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1003.001", "tactic": "credential-access", 
@@ -1040,7 +1139,326 @@ "showSubtechniques": false }, { - "techniqueID": "T1003.006", + "techniqueID": "T1496", + "tactic": "impact", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1095", + "tactic": "command-and-control", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1571", + "tactic": "command-and-control", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.001", + "tactic": "lateral-movement", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1595.002", + "tactic": "reconnaissance", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1071.004", + "tactic": "command-and-control", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1102.002", + "tactic": "command-and-control", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1567", + "tactic": "exfiltration", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1110", + "tactic": "credential-access", + "score": 24, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1557", + "tactic": "credential-access", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + 
"links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1557", + "tactic": "collection", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098", + "tactic": "persistence", + "score": 29, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098", + "tactic": "privilege-escalation", + "score": 29, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1495", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1565.001", + "tactic": "impact", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1565.002", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053", + "tactic": "execution", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053", + "tactic": "persistence", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053", + "tactic": "privilege-escalation", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1201", + "tactic": 
"discovery", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1057", + "tactic": "discovery", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1033", + "tactic": "discovery", + "score": 31, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1124", + "tactic": "discovery", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.004", + "tactic": "defense-evasion", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1561.001", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1561.002", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1005", + "tactic": "collection", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.004", + "tactic": "defense-evasion", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.004", "tactic": "credential-access", "score": 7, "color": "", 
@@ -1051,7 +1469,238 @@ "showSubtechniques": false }, { - "techniqueID": "T1554", + "techniqueID": "T1070.003", + "tactic": "defense-evasion", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1074", + "tactic": "collection", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1112", + "tactic": "defense-evasion", + "score": 85, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1112", + "tactic": "persistence", + "score": 85, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1087", + "tactic": "discovery", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.003", + "tactic": "lateral-movement", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1090", + "tactic": "command-and-control", + "score": 22, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021", + "tactic": "lateral-movement", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003", + "tactic": "credential-access", + "score": 32, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1213", + "tactic": "collection", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": 
false + }, + { + "techniqueID": "T1041", + "tactic": "exfiltration", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1498", + "tactic": "impact", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1123", + "tactic": "collection", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1069.003", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1087.004", + "tactic": "discovery", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.007", + "tactic": "credential-access", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1611", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.005", + "tactic": "defense-evasion", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552", + "tactic": "credential-access", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070", + "tactic": "defense-evasion", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1609", + "tactic": "execution", + 
"score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1136", "tactic": "persistence", "score": 3, "color": "", 
@@ -1062,9 +1711,174 @@ "showSubtechniques": false }, { - "techniqueID": "T1187", + "techniqueID": "T1505.003", + "tactic": "persistence", + "score": 32, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1221", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1197", + "tactic": "defense-evasion", + "score": 17, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1197", + "tactic": "persistence", + "score": 17, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1102.001", + "tactic": "command-and-control", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1102.003", + "tactic": "command-and-control", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1568", + "tactic": "command-and-control", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1567.002", + "tactic": "exfiltration", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1584", + "tactic": "resource-development", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056", + "tactic": "collection", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + 
"showSubtechniques": false + }, + { + "techniqueID": "T1056", "tactic": "credential-access", - "score": 6, + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1590", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1499.004", + "tactic": "impact", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1482", + "tactic": "discovery", + "score": 17, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1572", + "tactic": "command-and-control", + "score": 24, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1090.003", + "tactic": "command-and-control", + "score": 3, "color": "", "comment": "", "enabled": true, 
@@ -1095,414 +1909,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1482", - "tactic": "discovery", - "score": 17, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1567.002", - "tactic": "exfiltration", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056", - "tactic": "collection", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056", - "tactic": "credential-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1071.004", - "tactic": "command-and-control", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1210", - "tactic": "lateral-movement", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1590", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1090.003", - "tactic": "command-and-control", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.011", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.011", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": 
false - }, - { - "techniqueID": "T1106", - "tactic": "execution", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548", - "tactic": "privilege-escalation", - "score": 20, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548", - "tactic": "defense-evasion", - "score": 20, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.002", - "tactic": "defense-evasion", - "score": 23, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.002", - "tactic": "privilege-escalation", - "score": 54, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.002", - "tactic": "defense-evasion", - "score": 54, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.003", - "tactic": "defense-evasion", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.003", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.003", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.001", - "tactic": "execution", - "score": 216, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - 
"techniqueID": "T1021.006", - "tactic": "lateral-movement", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055", - "tactic": "defense-evasion", - "score": 31, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055", - "tactic": "privilege-escalation", - "score": 31, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.011", - "tactic": "defense-evasion", - "score": 43, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555.005", - "tactic": "credential-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.001", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.001", - "tactic": "privilege-escalation", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.005", - "tactic": "execution", - "score": 21, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.005", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1127", - "tactic": "defense-evasion", - "score": 19, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1047", - 
"tactic": "execution", - "score": 47, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.003", - "tactic": "privilege-escalation", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.003", - "tactic": "persistence", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1006", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.001", - "tactic": "defense-evasion", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.003", - "tactic": "credential-access", - "score": 23, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552.006", - "tactic": "credential-access", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1176", + "techniqueID": "T1554", "tactic": "persistence", "score": 3, "color": "", 
@@ -1512,589 +1919,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1070", - "tactic": "defense-evasion", - "score": 19, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.003", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.003", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1110", - "tactic": "credential-access", - "score": 24, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1110.001", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1216", - "tactic": "defense-evasion", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1090.001", - "tactic": "command-and-control", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1087.002", - "tactic": "discovery", - "score": 21, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1069.002", - "tactic": "discovery", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553.004", - "tactic": "defense-evasion", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - 
"showSubtechniques": false - }, - { - "techniqueID": "T1202", - "tactic": "defense-evasion", - "score": 37, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036", - "tactic": "defense-evasion", - "score": 41, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1012", - "tactic": "discovery", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.001", - "tactic": "persistence", - "score": 87, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.001", - "tactic": "privilege-escalation", - "score": 87, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.001", - "tactic": "defense-evasion", - "score": 87, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098", - "tactic": "persistence", - "score": 29, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098", - "tactic": "privilege-escalation", - "score": 29, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1197", - "tactic": "defense-evasion", - "score": 17, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1197", - "tactic": "persistence", - "score": 17, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": 
"T1021.002", - "tactic": "lateral-movement", - "score": 36, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.001", - "tactic": "defense-evasion", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.001", - "tactic": "privilege-escalation", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.002", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.002", - "tactic": "privilege-escalation", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.004", - "tactic": "defense-evasion", - "score": 29, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556.002", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556.002", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556.002", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1190", - "tactic": "initial-access", - "score": 134, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.013", - 
"tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.005", - "tactic": "defense-evasion", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1072", - "tactic": "execution", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1072", - "tactic": "lateral-movement", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.008", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003", - "tactic": "credential-access", - "score": 32, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547", - "tactic": "persistence", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547", - "tactic": "privilege-escalation", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505.003", - "tactic": "persistence", - "score": 32, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1033", - "tactic": "discovery", - "score": 31, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1087", - "tactic": "discovery", - "score": 15, - "color": "", - "comment": 
"", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1489", - "tactic": "impact", - "score": 19, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1112", - "tactic": "defense-evasion", - "score": 85, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1112", - "tactic": "persistence", - "score": 85, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562", - "tactic": "defense-evasion", - "score": 24, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1486", - "tactic": "impact", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555", - "tactic": "credential-access", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1539", - "tactic": "credential-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555.003", - "tactic": "credential-access", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1005", - "tactic": "collection", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": 
false - }, - { - "techniqueID": "T1134", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564.006", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1564", "tactic": "defense-evasion", @@ -2107,9 +1931,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1558.003", - "tactic": "credential-access", - "score": 16, + "techniqueID": "T1106", + "tactic": "execution", + "score": 14, "color": "", "comment": "", "enabled": true, 
@@ -2118,7 +1942,150 @@ "showSubtechniques": false }, { - "techniqueID": "T1218.009", + "techniqueID": "T1562.002", + "tactic": "defense-evasion", + "score": 23, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.001", + "tactic": "execution", + "score": 216, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.002", + "tactic": "privilege-escalation", + "score": 54, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.002", + "tactic": "defense-evasion", + "score": 54, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.003", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.003", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.011", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.011", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.003", + "tactic": "defense-evasion", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548", + "tactic": "privilege-escalation", + "score": 20, + "color": "", + "comment": "", + "enabled": 
true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548", + "tactic": "defense-evasion", + "score": 20, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1176.001", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1615", + "tactic": "discovery", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1484.001", "tactic": "defense-evasion", "score": 4, "color": "", @@ -2128,6 +2095,61 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1484.001", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1216", + "tactic": "defense-evasion", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.001", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1588.002", + "tactic": "resource-development", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.011", + "tactic": "defense-evasion", + "score": 43, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1053.005", "tactic": "execution", 
@@ -2162,7 +2184,40 @@ "showSubtechniques": false }, { - "techniqueID": "T1027.004", + "techniqueID": "T1218.008", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.001", + "tactic": "defense-evasion", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.001", + "tactic": "privilege-escalation", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.002", "tactic": "defense-evasion", "score": 6, "color": "", @@ -2173,20 +2228,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1037.001", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1037.001", + "techniqueID": "T1134.002", "tactic": "privilege-escalation", - "score": 3, + "score": 6, "color": "", "comment": "", "enabled": true, 
@@ -2195,74 +2239,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1595", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.003", - "tactic": "execution", - "score": 35, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1090", - "tactic": "command-and-control", - "score": 22, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1526", - "tactic": "discovery", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1491.001", - "tactic": "impact", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552.004", - "tactic": "credential-access", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.005", - "tactic": "credential-access", + "techniqueID": "T1218.005", + "tactic": "defense-evasion", "score": 8, "color": "", "comment": "", 
@@ -2271,171 +2249,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1567", - "tactic": "exfiltration", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053", - "tactic": "execution", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053", - "tactic": "persistence", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053", - "tactic": "privilege-escalation", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1649", - "tactic": "credential-access", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1485", - "tactic": "impact", - "score": 20, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1216.001", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564.003", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1608", - "tactic": "resource-development", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1560", - "tactic": "collection", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { 
- "techniqueID": "T1547.001", - "tactic": "persistence", - "score": 37, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.001", - "tactic": "privilege-escalation", - "score": 37, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.005", - "tactic": "lateral-movement", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1123", - "tactic": "collection", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1587.001", - "tactic": "resource-development", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1132.001", "tactic": "command-and-control", @@ -2447,6 +2260,50 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1036", + "tactic": "defense-evasion", + "score": 41, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1127", + "tactic": "defense-evasion", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562", + "tactic": "defense-evasion", + "score": 24, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1216.001", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1102", "tactic": "command-and-control", 
@@ -2459,42 +2316,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1572", - "tactic": "command-and-control", - "score": 22, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.001", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.008", - "tactic": "privilege-escalation", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.008", + "techniqueID": "T1543.003", "tactic": "persistence", - "score": 6, + "score": 45, "color": "", "comment": "", "enabled": true, @@ -2503,42 +2327,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1021", - "tactic": "lateral-movement", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.005", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.011", - "tactic": "persistence", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.011", + "techniqueID": "T1543.003", "tactic": "privilege-escalation", - "score": 11, + "score": 45, "color": "", "comment": "", "enabled": true, 
@@ -2547,20 +2338,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.011", + "techniqueID": "T1070.001", "tactic": "defense-evasion", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1048.003", - "tactic": "exfiltration", - "score": 8, + "score": 7, "color": "", "comment": "", "enabled": true, @@ -2579,72 +2359,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1593.003", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.004", - "tactic": "defense-evasion", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574", - "tactic": "persistence", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574", - "tactic": "privilege-escalation", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1590.001", - "tactic": "reconnaissance", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1218.002", "tactic": "defense-evasion", @@ -2679,9 +2393,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1027.003", - "tactic": "defense-evasion", - "score": 5, + "techniqueID": "T1059.003", + "tactic": "execution", + "score": 35, "color": "", "comment": "", "enabled": true, 
@@ -2690,19 +2404,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1135", - "tactic": "discovery", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1217", - "tactic": "discovery", + "techniqueID": "T1546.007", + "tactic": "privilege-escalation", "score": 4, "color": "", "comment": "", @@ -2712,30 +2415,19 @@ "showSubtechniques": false }, { - "techniqueID": "T1528", + "techniqueID": "T1546.007", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.006", "tactic": "credential-access", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1104", - "tactic": "command-and-control", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1587", - "tactic": "resource-development", "score": 6, "color": "", "comment": "", 
@@ -2744,325 +2436,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1053.002", - "tactic": "execution", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.002", - "tactic": "persistence", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.002", - "tactic": "privilege-escalation", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.001", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.001", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1048", - "tactic": "exfiltration", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1570", - "tactic": "lateral-movement", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1569.002", - "tactic": "execution", - "score": 42, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.005", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.005", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - 
"showSubtechniques": false - }, - { - "techniqueID": "T1574.005", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.003", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.003", - "tactic": "lateral-movement", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564.001", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.003", - "tactic": "lateral-movement", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.001", - "tactic": "lateral-movement", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1007", - "tactic": "discovery", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.001", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.001", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1563.002", - "tactic": "lateral-movement", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { 
- "techniqueID": "T1185", - "tactic": "collection", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.002", - "tactic": "privilege-escalation", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.002", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1615", - "tactic": "discovery", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1496", - "tactic": "impact", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1588.002", - "tactic": "resource-development", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.015", - "tactic": "privilege-escalation", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.015", - "tactic": "persistence", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.006", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1562.010", "tactic": "defense-evasion", 
@@ -3075,7 +2448,172 @@ "showSubtechniques": false }, { - "techniqueID": "T1222.001", + "techniqueID": "T1090.001", + "tactic": "command-and-control", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1202", + "tactic": "defense-evasion", + "score": 37, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.005", + "tactic": "execution", + "score": 21, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.004", + "tactic": "defense-evasion", + "score": 29, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1087.002", + "tactic": "discovery", + "score": 21, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.008", + "tactic": "privilege-escalation", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.008", + "tactic": "persistence", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1220", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1012", + "tactic": "discovery", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1007", + "tactic": "discovery", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + 
"showSubtechniques": false + }, + { + "techniqueID": "T1552.002", + "tactic": "credential-access", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.001", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.001", + "tactic": "privilege-escalation", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1563.002", + "tactic": "lateral-movement", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1587.001", + "tactic": "resource-development", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.009", "tactic": "defense-evasion", "score": 4, "color": "", @@ -3097,7 +2635,40 @@ "showSubtechniques": false }, { - "techniqueID": "T1124", + "techniqueID": "T1546.011", + "tactic": "privilege-escalation", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.011", + "tactic": "persistence", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1485", + "tactic": "impact", + "score": 20, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1526", "tactic": "discovery", "score": 3, "color": "", 
@@ -3107,6 +2678,457 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1518", + "tactic": "discovery", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1555", + "tactic": "credential-access", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1555.003", + "tactic": "credential-access", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1037.001", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1037.001", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1649", + "tactic": "credential-access", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1069.002", + "tactic": "discovery", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1074.001", + "tactic": "collection", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574", + "tactic": "persistence", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574", + "tactic": "privilege-escalation", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": 
false + }, + { + "techniqueID": "T1574", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.011", + "tactic": "persistence", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.011", + "tactic": "privilege-escalation", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.011", + "tactic": "defense-evasion", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.005", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1555.004", + "tactic": "credential-access", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.013", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.009", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1135", + "tactic": "discovery", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1222.001", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": 
"T1546.003", + "tactic": "privilege-escalation", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.003", + "tactic": "persistence", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1217", + "tactic": "discovery", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1185", + "tactic": "collection", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.001", + "tactic": "persistence", + "score": 88, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.001", + "tactic": "privilege-escalation", + "score": 88, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.001", + "tactic": "defense-evasion", + "score": 88, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1486", + "tactic": "impact", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.005", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.005", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.005", + "tactic": "defense-evasion", + 
"score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1114", + "tactic": "collection", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1528", + "tactic": "credential-access", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547", + "tactic": "persistence", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547", + "tactic": "privilege-escalation", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.003", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.003", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055", + "tactic": "defense-evasion", + "score": 31, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055", + "tactic": "privilege-escalation", + "score": 31, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543", + "tactic": "persistence", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543", + "tactic": "privilege-escalation", + "score": 9, + "color": "", + "comment": "", + 
"enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1614.001", "tactic": "discovery", 
@@ -3118,6 +3140,578 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1539", + "tactic": "credential-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.004", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.004", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.003", + "tactic": "defense-evasion", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.004", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1110.001", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1560", + "tactic": "collection", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1590.001", + "tactic": "reconnaissance", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.004", + "tactic": "lateral-movement", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1587", + "tactic": "resource-development", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], 
+ "showSubtechniques": false + }, + { + "techniqueID": "T1003.005", + "tactic": "credential-access", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.002", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.002", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.001", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.006", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505.004", + "tactic": "persistence", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.010", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.015", + "tactic": "privilege-escalation", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.015", + "tactic": "persistence", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1072", + "tactic": "execution", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + 
"techniqueID": "T1072", + "tactic": "lateral-movement", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1608", + "tactic": "resource-development", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1489", + "tactic": "impact", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1039", + "tactic": "collection", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.005", + "tactic": "lateral-movement", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.012", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.012", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.006", + "tactic": "execution", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.006", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.008", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.008", + "tactic": 
"privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.008", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1569", + "tactic": "execution", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1570", + "tactic": "lateral-movement", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.003", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.003", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.002", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556.002", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556.002", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556.002", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.001", + "tactic": "privilege-escalation", + "score": 3, + 
"color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.001", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505.002", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1120", + "tactic": "discovery", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.001", + "tactic": "persistence", + "score": 37, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.001", + "tactic": "privilege-escalation", + "score": 37, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1048.001", + "tactic": "exfiltration", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1620", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1622", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + 
"metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1622", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1505.005", "tactic": "persistence", @@ -3162,28 +3756,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1546.007", - "tactic": "privilege-escalation", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.007", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1547.014", "tactic": "persistence", @@ -3251,9 +3823,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1557", + "techniqueID": "T1110.002", "tactic": "credential-access", - "score": 5, + "score": 1, "color": "", "comment": "", "enabled": true, 
@@ -3262,63 +3834,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1557", - "tactic": "collection", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1518", - "tactic": "discovery", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.009", + "techniqueID": "T1211", "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1074.001", - "tactic": "collection", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1484.001", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1484.001", - "tactic": "privilege-escalation", "score": 4, "color": "", "comment": "", @@ -3339,8 +3856,30 @@ "showSubtechniques": false }, { - "techniqueID": "T1057", - "tactic": "discovery", + "techniqueID": "T1593.003", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1491.001", + "tactic": "impact", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003.006", + "tactic": "credential-access", "score": 7, "color": "", "comment": "", 
@@ -3349,270 +3888,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1048.001", - "tactic": "exfiltration", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1201", - "tactic": "discovery", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1622", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1622", - "tactic": "discovery", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.004", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.004", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1620", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552", - "tactic": "credential-access", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1114", - "tactic": "collection", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1220", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - 
{ - "techniqueID": "T1505.002", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552.002", - "tactic": "credential-access", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555.004", - "tactic": "credential-access", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.010", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.006", - "tactic": "execution", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.008", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.008", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.008", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1069", - "tactic": "discovery", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.003", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.003", - "tactic": 
"privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.004", - "tactic": "lateral-movement", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1095", - "tactic": "command-and-control", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1120", - "tactic": "discovery", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1036.007", "tactic": "defense-evasion", 
@@ -3624,72 +3899,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1070.005", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.002", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1110.002", - "tactic": "credential-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1569", - "tactic": "execution", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505.004", - "tactic": "persistence", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1211", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1212", "tactic": "credential-access", @@ -3702,9 +3911,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.011", - "tactic": "privilege-escalation", - "score": 6, + "techniqueID": "T1069", + "tactic": "discovery", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -3713,9 +3922,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.011", - "tactic": "persistence", - "score": 6, + "techniqueID": "T1550.003", + "tactic": "defense-evasion", + "score": 4, "color": "", "comment": "", "enabled": true, 
@@ -3724,8 +3933,19 @@ "showSubtechniques": false }, { - "techniqueID": "T1039", - "tactic": "collection", + "techniqueID": "T1550.003", + "tactic": "lateral-movement", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1595", + "tactic": "reconnaissance", "score": 2, "color": "", "comment": "", @@ -3735,7 +3955,62 @@ "showSubtechniques": false }, { - "techniqueID": "T1027.002", + "techniqueID": "T1104", + "tactic": "command-and-control", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.005", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.001", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.001", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.003", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1006", "tactic": "defense-evasion", "score": 1, "color": "", @@ -3757,9 +4032,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1571", - "tactic": "command-and-control", - "score": 5, + "techniqueID": "T1567.001", + "tactic": "exfiltration", + "score": 1, "color": "", "comment": "", "enabled": true, 
@@ -3778,17 +4053,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1102.001", - "tactic": "command-and-control", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1127.001", "tactic": "defense-evasion", @@ -3800,28 +4064,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1567.001", - "tactic": "exfiltration", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1041", - "tactic": "exfiltration", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1090.002", "tactic": "command-and-control", @@ -3834,8 +4076,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1590.002", - "tactic": "reconnaissance", + "techniqueID": "T1027.002", + "tactic": "defense-evasion", "score": 1, "color": "", "comment": "", @@ -3845,8 +4087,30 @@ "showSubtechniques": false }, { - "techniqueID": "T1200", - "tactic": "initial-access", + "techniqueID": "T1555.005", + "tactic": "credential-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1599.001", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.013", + "tactic": "privilege-escalation", "score": 3, "color": "", "comment": "", @@ -3856,9 +4120,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1550.002", - "tactic": "defense-evasion", - "score": 6, + "techniqueID": "T1546.013", + "tactic": "persistence", + "score": 3, "color": "", "comment": "", "enabled": true, 
@@ -3867,9 +4131,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1550.002", - "tactic": "lateral-movement", - "score": 6, + "techniqueID": "T1547.015", + "tactic": "persistence", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -3878,8 +4142,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1010", - "tactic": "discovery", + "techniqueID": "T1547.015", + "tactic": "privilege-escalation", "score": 1, "color": "", "comment": "", @@ -3899,28 +4163,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1207", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553.002", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1547.009", "tactic": "persistence", 
@@ -3943,457 +4185,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1091", - "tactic": "lateral-movement", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1091", - "tactic": "initial-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556", - "tactic": "credential-access", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556", - "tactic": "defense-evasion", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556", - "tactic": "persistence", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1001.003", - "tactic": "command-and-control", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.005", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.005", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1557.003", - "tactic": "credential-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1557.003", - "tactic": "collection", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - 
"showSubtechniques": false - }, - { - "techniqueID": "T1531", - "tactic": "impact", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1584", - "tactic": "resource-development", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1499.001", - "tactic": "impact", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1499.004", - "tactic": "impact", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1588", - "tactic": "resource-development", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.002", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.002", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.002", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.002", - "tactic": "initial-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550", 
- "tactic": "lateral-movement", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.003", - "tactic": "defense-evasion", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1137.006", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.012", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.012", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.012", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.001", - "tactic": "collection", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.001", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.004", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.004", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1020", - "tactic": "exfiltration", - 
"score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1589.002", - "tactic": "reconnaissance", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1114.001", - "tactic": "collection", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.013", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.013", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553.005", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1222", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1565", - "tactic": "impact", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1573", - "tactic": "command-and-control", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.015", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.015", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - 
"enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1137", "tactic": "persistence", @@ -4438,6 +4229,28 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1001.003", + "tactic": "command-and-control", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1137.006", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1137.003", "tactic": "persistence", 
@@ -4449,6 +4262,314 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1200", + "tactic": "initial-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1590.002", + "tactic": "reconnaissance", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.002", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.002", + "tactic": "lateral-movement", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1207", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.002", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1531", + "tactic": "impact", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1010", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556", + "tactic": "credential-access", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556", + "tactic": "defense-evasion", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + 
}, + { + "techniqueID": "T1556", + "tactic": "persistence", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1557.003", + "tactic": "credential-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1557.003", + "tactic": "collection", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1091", + "tactic": "lateral-movement", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1091", + "tactic": "initial-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.005", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.005", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550", + "tactic": "lateral-movement", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", + "tactic": 
"persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", + "tactic": "initial-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1588", + "tactic": "resource-development", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1499.001", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.012", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.012", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.012", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1546.009", "tactic": "privilege-escalation", 
@@ -4471,6 +4592,72 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1546.012", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.012", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1559.002", + "tactic": "execution", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.003", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.003", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.003", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1547.008", "tactic": "persistence", @@ -4494,8 +4681,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.005", - "tactic": "persistence", + "techniqueID": "T1546.010", + "tactic": "privilege-escalation", "score": 1, "color": "", "comment": "", @@ -4505,8 +4692,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.005", - "tactic": "privilege-escalation", + "techniqueID": "T1546.010", + "tactic": "persistence", "score": 1, "color": "", "comment": "", 
@@ -4527,18 +4714,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.010", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.010", + "techniqueID": "T1547.005", "tactic": "persistence", "score": 1, "color": "", @@ -4549,18 +4725,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.003", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.003", + "techniqueID": "T1547.005", "tactic": "privilege-escalation", "score": 1, "color": "", 
@@ -4571,41 +4736,151 @@ "showSubtechniques": false }, { - "techniqueID": "T1559.002", - "tactic": "execution", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.012", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.012", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553.003", + "techniqueID": "T1553.005", "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1573", + "tactic": "command-and-control", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056.001", + "tactic": "collection", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056.001", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1589.002", + "tactic": "reconnaissance", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1222", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1114.001", + "tactic": "collection", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], 
+ "showSubtechniques": false + }, + { + "techniqueID": "T1565", + "tactic": "impact", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1020", + "tactic": "exfiltration", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.006", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.006", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1222.002", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.002", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.002", + "tactic": "privilege-escalation", "score": 2, "color": "", "comment": "", @@ -4625,6 +4900,28 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1546.004", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.004", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1055.009", "tactic": "defense-evasion", 
@@ -4647,17 +4944,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1222.002", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1574.006", "tactic": "persistence", @@ -4691,50 +4977,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1543.002", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.002", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.006", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.006", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1499", "tactic": "impact", 
@@ -4746,50 +4988,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1546.004", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.004", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1565.001", - "tactic": "impact", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.012", - "tactic": "execution", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1548.001", "tactic": "privilege-escalation", @@ -4812,50 +5010,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1592.004", - "tactic": "reconnaissance", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1014", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.003", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.003", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1562.003", "tactic": "defense-evasion", 
@@ -4868,8 +5022,19 @@ "showSubtechniques": false }, { - "techniqueID": "T1136", - "tactic": "persistence", + "techniqueID": "T1059.012", + "tactic": "execution", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1592.004", + "tactic": "reconnaissance", "score": 3, "color": "", "comment": "", @@ -4878,6 +5043,39 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1548.003", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.003", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1014", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1588.001", "tactic": "resource-development", 
@@ -4900,83 +5098,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1102.003", - "tactic": "command-and-control", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1568", - "tactic": "command-and-control", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1102.002", - "tactic": "command-and-control", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1221", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505.001", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098.003", - "tactic": "persistence", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098.003", - "tactic": "privilege-escalation", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1098.001", "tactic": "persistence", @@ -5002,7 +5123,7 @@ { "techniqueID": "T1556.006", "tactic": "credential-access", - "score": 2, + "score": 3, "color": "", "comment": "", "enabled": true, @@ -5013,7 +5134,7 @@ { "techniqueID": "T1556.006", "tactic": "defense-evasion", - "score": 2, + "score": 3, "color": "", "comment": "", "enabled": true, 
@@ -5024,18 +5145,7 @@ { "techniqueID": "T1556.006", "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1586.003", - "tactic": "resource-development", - "score": 1, + "score": 3, "color": "", "comment": "", "enabled": true, @@ -5087,6 +5197,50 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1098.003", + "tactic": "persistence", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098.003", + "tactic": "privilege-escalation", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1586.003", + "tactic": "resource-development", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1537", + "tactic": "exfiltration", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1213.003", "tactic": "collection", 
@@ -5101,161 +5255,7 @@ { "techniqueID": "T1136.003", "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1537", - "tactic": "exfiltration", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1606", - "tactic": "credential-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1484", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1484", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098.005", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098.005", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1087.004", - "tactic": "discovery", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1621", - "tactic": "credential-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1578", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.007", - 
"tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552.007", - "tactic": "credential-access", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1578.003", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1213", - "tactic": "collection", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1591.004", - "tactic": "reconnaissance", - "score": 2, + "score": 3, "color": "", "comment": "", "enabled": true, @@ -5275,8 +5275,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1074", - "tactic": "collection", + "techniqueID": "T1591.004", + "tactic": "reconnaissance", "score": 2, "color": "", "comment": "", @@ -5285,6 +5285,28 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1484.002", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1484.002", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1199", "tactic": "initial-access", 
@@ -5297,8 +5319,63 @@ "showSubtechniques": false }, { - "techniqueID": "T1580", - "tactic": "discovery", + "techniqueID": "T1562.007", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.008", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.001", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.001", + "tactic": "lateral-movement", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.009", + "tactic": "execution", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.007", + "tactic": "lateral-movement", "score": 1, "color": "", "comment": "", 
@@ -5319,62 +5396,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1059.009", - "tactic": "execution", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.001", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.001", - "tactic": "lateral-movement", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.007", - "tactic": "lateral-movement", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1498", - "tactic": "impact", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1069.003", + "techniqueID": "T1580", "tactic": "discovery", "score": 1, "color": "", @@ -5385,30 +5407,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1611", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1609", - "tactic": "execution", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1595.002", - "tactic": "reconnaissance", + "techniqueID": "T1619", + "tactic": "discovery", "score": 1, "color": "", "comment": "", 
@@ -5418,7 +5418,51 @@ "showSubtechniques": false }, { - "techniqueID": "T1505", + "techniqueID": "T1606", + "tactic": "credential-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1114.003", + "tactic": "collection", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1484", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1484", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098.005", "tactic": "persistence", "score": 1, "color": "", @@ -5429,8 +5473,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1565.002", - "tactic": "impact", + "techniqueID": "T1098.005", + "tactic": "privilege-escalation", "score": 1, "color": "", "comment": "", @@ -5440,8 +5484,19 @@ "showSubtechniques": false }, { - "techniqueID": "T1561.001", - "tactic": "impact", + "techniqueID": "T1621", + "tactic": "credential-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1578.003", + "tactic": "defense-evasion", "score": 1, "color": "", "comment": "", @@ -5451,8 +5506,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1561.002", - "tactic": "impact", + "techniqueID": "T1578", + "tactic": "defense-evasion", "score": 1, "color": "", "comment": "", 
@@ -5462,8 +5517,30 @@ "showSubtechniques": false }, { - "techniqueID": "T1495", - "tactic": "impact", + "techniqueID": "T1505.001", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.004", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1176", + "tactic": "persistence", "score": 1, "color": "", "comment": "", @@ -5483,17 +5560,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1036.004", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1559", "tactic": "execution", diff --git a/other/sigma_attack_nav_coverage.svg b/other/sigma_attack_nav_coverage.svg index e7a631c0f..aae1029dd 100644 --- a/other/sigma_attack_nav_coverage.svg +++ b/other/sigma_attack_nav_coverage.svg 
@@ -1,2 +1,2 @@ -aboutSigma 2025-02Sigma coverageheatmap generated by SigmaCLI with score function countdomainEnterprise ATT&CK v16platformsWindows, Linux, macOS,Network, PRE, Containers,IaaS, SaaS, OfficeSuite, Identity Providerlegend0.03.36.710Active ScanningGather VictimHost InformationGather VictimIdentity InformationGather VictimNetwork InformationGather VictimOrg InformationPhishingfor InformationSearchClosed SourcesSearch OpenTechnical DatabasesSearch OpenWebsites/DomainsSearch Victim-OwnedWebsitesReconnaissanceAcquire AccessAcquireInfrastructureCompromiseAccountsCompromiseInfrastructureDevelopCapabilitiesEstablishAccountsObtainCapabilitiesStageCapabilitiesResourceDevelopmentContentInjectionDrive-byCompromiseExploit Public-FacingApplicationExternalRemote ServicesHardwareAdditionsPhishingReplication ThroughRemovable MediaSupply ChainCompromiseTrustedRelationshipValid AccountsInitial AccessCloud AdministrationCommandCommand andScripting InterpreterContainerAdministration CommandDeployContainerExploitation forClient ExecutionInter-ProcessCommunicationNative APIScheduledTask/JobServerlessExecutionShared ModulesSoftwareDeployment ToolsSystem ServicesUser ExecutionWindows ManagementInstrumentationExecutionAccountManipulationBITS JobsBoot or LogonAutostart ExecutionBoot or LogonInitialization ScriptsBrowserExtensionsCompromise HostSoftware BinaryCreate AccountCreate or ModifySystem ProcessEvent TriggeredExecutionExternalRemote ServicesHijackExecution FlowImplantInternal ImageModify AuthenticationProcessOffice ApplicationStartupPower SettingsPre-OS BootScheduledTask/JobServer SoftwareComponentTrafficSignalingValid AccountsPersistenceAbuse ElevationControl MechanismAccess TokenManipulationAccountManipulationBoot or LogonAutostart ExecutionBoot or LogonInitialization ScriptsCreate or ModifySystem ProcessDomain or TenantPolicy ModificationEscape to HostEvent TriggeredExecutionExploitation forPrivilege EscalationHijackExecution FlowProcessInjectionScheduledTask/JobValid 
AccountsPrivilegeEscalationAbuse ElevationControl MechanismAccess TokenManipulationBITS JobsBuildImage on HostDebuggerEvasionDeobfuscate/DecodeFiles or InformationDeployContainerDirectVolume AccessDomain or TenantPolicy ModificationExecutionGuardrailsExploitation forDefense EvasionFile andDirectory PermissionsModificationHide ArtifactsHijackExecution FlowImpair DefensesImpersonationIndicatorRemovalIndirect CommandExecutionMasqueradingModify AuthenticationProcessModify Cloud ComputeInfrastructureModify CloudResource HierarchyModify RegistryModifySystem ImageNetwork BoundaryBridgingObfuscated Filesor InformationPlist FileModificationPre-OS BootProcessInjectionReflectiveCode LoadingRogue DomainControllerRootkitSubvertTrust ControlsSystem BinaryProxy ExecutionSystem ScriptProxy ExecutionTemplateInjectionTrafficSignalingTrustedDeveloper UtilitiesProxy ExecutionUnused/UnsupportedCloud RegionsUse AlternateAuthenticationMaterialValid AccountsVirtualization/SandboxEvasionWeakenEncryptionXSL ScriptProcessingDefense EvasionAdversary-in-the-MiddleBrute ForceCredentials fromPassword StoresExploitation forCredential AccessForcedAuthenticationForgeWeb CredentialsInput CaptureModify AuthenticationProcessMulti-FactorAuthenticationInterceptionMulti-FactorAuthenticationRequest GenerationNetworkSniffingOS CredentialDumpingSteal ApplicationAccess TokenSteal orForge AuthenticationCertificatesSteal or ForgeKerberos TicketsSteal WebSession CookieUnsecuredCredentialsCredentialAccessAccountDiscoveryApplicationWindow DiscoveryBrowser InformationDiscoveryCloud InfrastructureDiscoveryCloud ServiceDashboardCloud ServiceDiscoveryCloud StorageObject DiscoveryContainer andResource DiscoveryDebuggerEvasionDevice DriverDiscoveryDomainTrust DiscoveryFile and DirectoryDiscoveryGroup PolicyDiscoveryLog EnumerationNetwork ServiceDiscoveryNetworkShare DiscoveryNetworkSniffingPassword PolicyDiscoveryPeripheralDevice DiscoveryPermissionGroups DiscoveryProcessDiscoveryQuery RegistryRemote 
SystemDiscoverySoftwareDiscoverySystem InformationDiscoverySystem LocationDiscoverySystemNetwork ConfigurationDiscoverySystem NetworkConnections DiscoverySystem Owner/UserDiscoverySystem ServiceDiscoverySystemTime DiscoveryVirtualization/SandboxEvasionDiscoveryExploitation ofRemote ServicesInternalSpearphishingLateralTool TransferRemote ServiceSession HijackingRemote ServicesReplication ThroughRemovable MediaSoftwareDeployment ToolsTaintShared ContentUse AlternateAuthenticationMaterialLateralMovementAdversary-in-the-MiddleArchiveCollected DataAudio CaptureAutomatedCollectionBrowser SessionHijackingClipboard DataData fromCloud StorageDatafrom ConfigurationRepositoryData from InformationRepositoriesData fromLocal SystemData from NetworkShared DriveData fromRemovable MediaData StagedEmailCollectionInput CaptureScreen CaptureVideo CaptureCollectionApplicationLayer ProtocolCommunication ThroughRemovable MediaContentInjectionData EncodingDataObfuscationDynamicResolutionEncryptedChannelFallbackChannelsHideInfrastructureIngressTool TransferMulti-StageChannelsNon-ApplicationLayer ProtocolNon-StandardPortProtocolTunnelingProxyRemoteAccess SoftwareTrafficSignalingWeb ServiceCommandand ControlAutomatedExfiltrationData TransferSize LimitsExfiltration OverAlternative ProtocolExfiltrationOver C2 ChannelExfiltration OverOther Network MediumExfiltration OverPhysical MediumExfiltrationOver Web ServiceScheduledTransferTransfer Datato Cloud AccountExfiltrationAccountAccess RemovalDataDestructionData Encryptedfor ImpactDataManipulationDefacementDisk WipeEndpoint Denialof ServiceFinancial TheftFirmwareCorruptionInhibitSystem RecoveryNetwork Denialof ServiceResourceHijackingService StopSystemShutdown/RebootImpact \ No newline at end of file +aboutSigma Analytics CoverageSigma coverageheatmap generated by SigmaCLI with score function countdomainEnterprise ATT&CK v17platformsWindows, Linux, macOS,Network Devices, ESXi, PRE,Containers, IaaS, SaaS, OfficeSuite, Identity 
Providerlegend0.06.71320Active ScanningGather VictimHost InformationGather VictimIdentity InformationGather VictimNetwork InformationGather VictimOrg InformationPhishingfor InformationSearchClosed SourcesSearch OpenTechnical DatabasesSearch OpenWebsites/DomainsSearch Victim-OwnedWebsitesReconnaissanceAcquire AccessAcquireInfrastructureCompromiseAccountsCompromiseInfrastructureDevelopCapabilitiesEstablishAccountsObtainCapabilitiesStageCapabilitiesResourceDevelopmentContentInjectionDrive-byCompromiseExploit Public-FacingApplicationExternalRemote ServicesHardwareAdditionsPhishingReplication ThroughRemovable MediaSupply ChainCompromiseTrustedRelationshipValid AccountsWi-Fi NetworksInitial AccessCloud AdministrationCommandCommand andScripting InterpreterContainerAdministration CommandDeployContainerESXi AdministrationCommandExploitation forClient ExecutionInput InjectionInter-ProcessCommunicationNative APIScheduledTask/JobServerlessExecutionShared ModulesSoftwareDeployment ToolsSystem ServicesUser ExecutionWindows ManagementInstrumentationExecutionAccountManipulationBITS JobsBoot or LogonAutostart ExecutionBoot or LogonInitialization ScriptsCloud ApplicationIntegrationCompromise HostSoftware BinaryCreate AccountCreate or ModifySystem ProcessEvent TriggeredExecutionExclusiveControlExternalRemote ServicesHijackExecution FlowImplantInternal ImageModify AuthenticationProcessModify RegistryOffice ApplicationStartupPower SettingsPre-OS BootScheduledTask/JobServer SoftwareComponentSoftwareExtensionsTrafficSignalingValid AccountsPersistenceAbuse ElevationControl MechanismAccess TokenManipulationAccountManipulationBoot or LogonAutostart ExecutionBoot or LogonInitialization ScriptsCreate or ModifySystem ProcessDomain or TenantPolicy ModificationEscape to HostEvent TriggeredExecutionExploitation forPrivilege EscalationHijackExecution FlowProcessInjectionScheduledTask/JobValid AccountsPrivilegeEscalationAbuse ElevationControl MechanismAccess TokenManipulationBITS JobsBuildImage on 
HostDebuggerEvasionDeobfuscate/DecodeFiles or InformationDeployContainerDirectVolume AccessDomain or TenantPolicy ModificationEmail SpoofingExecutionGuardrailsExploitation forDefense EvasionFile andDirectory PermissionsModificationHide ArtifactsHijackExecution FlowImpair DefensesImpersonationIndicatorRemovalIndirect CommandExecutionMasqueradingModify AuthenticationProcessModify Cloud ComputeInfrastructureModify CloudResource HierarchyModify RegistryModifySystem ImageNetwork BoundaryBridgingObfuscated Filesor InformationPlist FileModificationPre-OS BootProcessInjectionReflectiveCode LoadingRogue DomainControllerRootkitSubvertTrust ControlsSystem BinaryProxy ExecutionSystem ScriptProxy ExecutionTemplateInjectionTrafficSignalingTrustedDeveloper UtilitiesProxy ExecutionUnused/UnsupportedCloud RegionsUse AlternateAuthentication MaterialValid AccountsVirtualization/SandboxEvasionWeakenEncryptionXSL ScriptProcessingDefense EvasionAdversary-in-the-MiddleBrute ForceCredentials fromPassword StoresExploitation forCredential AccessForcedAuthenticationForgeWeb CredentialsInput CaptureModify AuthenticationProcessMulti-FactorAuthenticationInterceptionMulti-FactorAuthenticationRequest GenerationNetworkSniffingOS CredentialDumpingSteal ApplicationAccess TokenStealor Forge AuthenticationCertificatesSteal or ForgeKerberos TicketsSteal WebSession CookieUnsecuredCredentialsCredentialAccessAccountDiscoveryApplicationWindow DiscoveryBrowser InformationDiscoveryCloud InfrastructureDiscoveryCloud ServiceDashboardCloud ServiceDiscoveryCloud StorageObject DiscoveryContainer andResource DiscoveryDebuggerEvasionDevice DriverDiscoveryDomainTrust DiscoveryFile and DirectoryDiscoveryGroup PolicyDiscoveryLog EnumerationNetwork ServiceDiscoveryNetworkShare DiscoveryNetworkSniffingPassword PolicyDiscoveryPeripheralDevice DiscoveryPermissionGroups DiscoveryProcessDiscoveryQuery RegistryRemote SystemDiscoverySoftwareDiscoverySystem InformationDiscoverySystem LocationDiscoverySystem 
NetworkConfiguration DiscoverySystem NetworkConnections DiscoverySystem Owner/UserDiscoverySystem ServiceDiscoverySystemTime DiscoveryVirtual MachineDiscoveryVirtualization/SandboxEvasionDiscoveryExploitation ofRemote ServicesInternalSpearphishingLateralTool TransferRemote ServiceSession HijackingRemote ServicesReplication ThroughRemovable MediaSoftwareDeployment ToolsTaintShared ContentUse AlternateAuthentication MaterialLateralMovementAdversary-in-the-MiddleArchiveCollected DataAudio CaptureAutomatedCollectionBrowser SessionHijackingClipboard DataData fromCloud StorageData from ConfigurationRepositoryData from InformationRepositoriesData fromLocal SystemData from NetworkShared DriveData fromRemovable MediaData StagedEmailCollectionInput CaptureScreen CaptureVideo CaptureCollectionApplicationLayer ProtocolCommunication ThroughRemovable MediaContentInjectionData EncodingDataObfuscationDynamicResolutionEncryptedChannelFallbackChannelsHideInfrastructureIngressTool TransferMulti-StageChannelsNon-ApplicationLayer ProtocolNon-StandardPortProtocolTunnelingProxyRemoteAccess ToolsTrafficSignalingWeb ServiceCommandand ControlAutomatedExfiltrationData TransferSize LimitsExfiltration OverAlternative ProtocolExfiltrationOver C2 ChannelExfiltration OverOther Network MediumExfiltration OverPhysical MediumExfiltrationOver Web ServiceScheduledTransferTransfer Datato Cloud AccountExfiltrationAccountAccess RemovalDataDestructionData Encryptedfor ImpactDataManipulationDefacementDisk WipeEmail BombingEndpoint Denialof ServiceFinancial TheftFirmwareCorruptionInhibitSystem RecoveryNetwork Denialof ServiceResourceHijackingService StopSystemShutdown/RebootImpact \ No newline at end of file