diff --git a/.github/workflows/update-heatmap.yml b/.github/workflows/update-heatmap.yml index 80e952b19..8736c8072 100644 --- a/.github/workflows/update-heatmap.yml +++ b/.github/workflows/update-heatmap.yml @@ -2,7 +2,6 @@ name: Generate Updated ATT&CK Heatmap on: schedule: - cron: "0 0 1 * *" - workflow_dispatch: @@ -31,22 +30,22 @@ jobs: title: 'Update ATT&CK Heatmap Coverage' body: | ### Summary of the Pull Request - + This PR updates sigma_attack_nav_coverage.json to reflect the current rule coverage. - To generate a new SVG file, go to the [MITRE ATT&CK Navigator](https://mitre-attack.github.io/attack-navigator/#layerURL=https://raw.githubusercontent.com/SigmaHQ/sigma/"${GITHUB_SHA}"/other/sigma_attack_nav_coverage.json) and export a SVG via "Layer Controls" > "Export" (download icon) > "render layer to SVG". - + To generate a new SVG file, go to the [MITRE ATT&CK Navigator](https://mitre-attack.github.io/attack-navigator/#layerURL=https://raw.githubusercontent.com/SigmaHQ/sigma/master/other/sigma_attack_nav_coverage.json) and export a SVG via "Layer Controls" > "Export" (download icon) > "render layer to SVG". + ### Changelog - + chore: update ATT&CK heatmap - + ### Example Log Event - + N/A - + ### Fixed Issues - + N/A - + ### SigmaHQ Rule Creation Conventions - + - If your PR adds new rules, please consider following and applying these [conventions](https://github.com/SigmaHQ/sigma-specification/blob/main/sigmahq/sigmahq_conventions.md) diff --git a/other/sigma_attack_nav_coverage.json b/other/sigma_attack_nav_coverage.json index d9fba3fc0..388a02ab1 100644 --- a/other/sigma_attack_nav_coverage.json +++ b/other/sigma_attack_nav_coverage.json @@ -1,4057 +1,5520 @@ { - "name": "Sigma 2025-02", - "versions": { - "attack": "16", - "navigator": "5.1.0", - "layer": "4.5" - }, - "domain": "enterprise-attack", - "description": "Sigma coverage heatmap generated by Sigma CLI with score function count", - "filters": { - "platforms": [ - "Windows", - "Linux", - "macOS", - "Network", - "PRE", - "Containers", - "IaaS", - "SaaS", - "Office Suite", - "Identity Provider" - ] - }, - "sorting": 0, - "layout": { - "layout": "side", - "aggregateFunction": "average", - "showID": false, - "showName": true, - "showAggregateScores": false, - "countUnscored": false, - "expandedSubtechniques": "none" - }, - "hideDisabled": false, - "techniques": [ - { - "techniqueID": "T1047", - "tactic": "execution", - "score": 44, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1113", - "tactic": "collection", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1037.001", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1037.001", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1037.005", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1037.005", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1557", - "tactic": "credential-access", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1557", - "tactic": "collection", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1557.001", - "tactic": "credential-access", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1557.001", - "tactic": "collection", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1033", - "tactic": "discovery", - "score": 31, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1592.004", - "tactic": "reconnaissance", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003", - "tactic": "credential-access", - "score": 32, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.002", - "tactic": "credential-access", - "score": 25, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.003", - "tactic": "credential-access", - "score": 25, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.005", - "tactic": "credential-access", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1006", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1014", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1123", - "tactic": "collection", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543", - "tactic": "persistence", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543", - "tactic": "privilege-escalation", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.004", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.004", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.001", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.001", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.002", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.002", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.003", - "tactic": "persistence", - "score": 45, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.003", - "tactic": "privilege-escalation", - "score": 45, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1133", - "tactic": "persistence", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1133", - "tactic": "initial-access", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1578", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1069.002", - "tactic": "discovery", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1069.001", - "tactic": "discovery", - "score": 16, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1114.001", - "tactic": "collection", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1561.002", - "tactic": "impact", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1561.001", - "tactic": "impact", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1615", - "tactic": "discovery", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547", - "tactic": "persistence", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547", - "tactic": "privilege-escalation", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.009", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.009", - "tactic": "privilege-escalation", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.006", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.006", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.004", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.004", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.005", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.005", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.001", - "tactic": "persistence", - "score": 36, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.001", - "tactic": "privilege-escalation", - "score": 36, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.008", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.008", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.014", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.014", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.015", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.015", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.003", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.003", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.002", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.002", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.010", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.010", - "tactic": "privilege-escalation", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1489", - "tactic": "impact", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564.003", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564.002", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564.006", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564.001", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564.004", - "tactic": "defense-evasion", - "score": 23, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1115", - "tactic": "collection", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1007", - "tactic": "discovery", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1040", - "tactic": "credential-access", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1040", - "tactic": "discovery", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1135", - "tactic": "discovery", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1120", - "tactic": "discovery", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1082", - "tactic": "discovery", - "score": 30, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1071.004", - "tactic": "command-and-control", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1071.001", - "tactic": "command-and-control", - "score": 39, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053", - "tactic": "execution", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053", - "tactic": "persistence", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053", - "tactic": "privilege-escalation", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1176", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1106", - "tactic": "execution", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1091", - "tactic": "lateral-movement", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1091", - "tactic": "initial-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1005", - "tactic": "collection", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1140", - "tactic": "defense-evasion", - "score": 19, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.003", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.004", - "tactic": "defense-evasion", - "score": 28, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.002", - "tactic": "defense-evasion", - "score": 23, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.001", - "tactic": "defense-evasion", - "score": 106, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.006", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.010", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1195", - "tactic": "initial-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1195.001", - "tactic": "initial-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1558.003", - "tactic": "credential-access", - "score": 16, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555", - "tactic": "credential-access", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555.004", - "tactic": "credential-access", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555.001", - "tactic": "credential-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1567.001", - "tactic": "exfiltration", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1567.002", - "tactic": "exfiltration", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1219", - "tactic": "command-and-control", - "score": 40, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036", - "tactic": "defense-evasion", - "score": 41, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.008", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.003", - "tactic": "defense-evasion", - "score": 24, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.006", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.004", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.002", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.005", - "tactic": "defense-evasion", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.007", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552.007", - "tactic": "credential-access", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552.001", - "tactic": "credential-access", - "score": 21, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552.002", - "tactic": "credential-access", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055", - "tactic": "defense-evasion", - "score": 31, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055", - "tactic": "privilege-escalation", - "score": 31, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.012", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.012", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.009", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.009", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.011", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.011", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.001", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.001", - "tactic": "privilege-escalation", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.003", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.003", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218", - "tactic": "defense-evasion", - "score": 140, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.005", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.008", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.013", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.002", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.001", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.010", - "tactic": "defense-evasion", - "score": 19, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.009", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.003", - "tactic": "defense-evasion", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.007", - "tactic": "defense-evasion", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1620", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1611", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1010", - "tactic": "discovery", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1525", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1572", - "tactic": "command-and-control", - "score": 17, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.003", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.003", - "tactic": "lateral-movement", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.002", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.002", - "tactic": "lateral-movement", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1589", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1560", - "tactic": "collection", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1560.001", - "tactic": "collection", - "score": 16, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1185", - "tactic": "collection", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021", - "tactic": "lateral-movement", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.006", - "tactic": "lateral-movement", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.005", - "tactic": "lateral-movement", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.002", - "tactic": "lateral-movement", - "score": 36, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.001", - "tactic": "lateral-movement", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.003", - "tactic": "lateral-movement", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.004", - "tactic": "lateral-movement", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1207", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1112", - "tactic": "defense-evasion", - "score": 85, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1580", - "tactic": "discovery", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1491.001", - "tactic": "impact", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1563.002", - "tactic": "lateral-movement", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1217", - "tactic": "discovery", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1222", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1222.002", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1222.001", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1595", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1595.002", - "tactic": "reconnaissance", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.001", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.001", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.002", - "tactic": "privilege-escalation", - "score": 53, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.002", - "tactic": "defense-evasion", - "score": 53, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.003", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.003", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1125", - "tactic": "collection", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1016", - "tactic": "discovery", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1087.002", - "tactic": "discovery", - "score": 17, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1087.001", - "tactic": "discovery", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1090", - "tactic": "command-and-control", - "score": 22, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1090.001", - "tactic": "command-and-control", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1090.004", - "tactic": "command-and-control", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1090.002", - "tactic": "command-and-control", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.005", - "tactic": "execution", - "score": 21, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.002", - "tactic": "execution", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.003", - "tactic": "execution", - "score": 33, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.004", - "tactic": "execution", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.006", - "tactic": "execution", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.001", - "tactic": "execution", - "score": 214, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1482", - "tactic": "discovery", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1020", - "tactic": "exfiltration", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.004", - "tactic": "defense-evasion", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.002", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.001", - "tactic": "defense-evasion", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.003", - "tactic": "defense-evasion", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.005", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1609", - "tactic": "execution", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1083", - "tactic": "discovery", - "score": 20, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1568", - "tactic": "command-and-control", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1074", - "tactic": "collection", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1074.001", - "tactic": "collection", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1049", - "tactic": "discovery", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1584", - "tactic": "resource-development", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.003", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.003", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.001", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.001", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1586", - "tactic": "resource-development", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1497.001", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1497.001", - "tactic": "discovery", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1102.003", - "tactic": "command-and-control", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1102.001", - "tactic": "command-and-control", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1102.002", - "tactic": "command-and-control", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1608", - "tactic": "resource-development", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1104", - "tactic": "command-and-control", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1057", - "tactic": "discovery", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1041", - "tactic": "exfiltration", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1591.004", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1590", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1590.001", - "tactic": "reconnaissance", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1210", - "tactic": "lateral-movement", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1593.003", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1048.003", - "tactic": "exfiltration", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1048.001", - "tactic": "exfiltration", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1566.001", - "tactic": "initial-access", - "score": 21, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1565", - "tactic": "impact", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1565.002", - "tactic": "impact", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1565.001", - "tactic": "impact", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1559.002", - "tactic": "execution", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1559.001", - "tactic": "execution", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1039", - "tactic": "collection", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574", - "tactic": "persistence", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574", - "tactic": "privilege-escalation", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.007", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.007", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.007", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.005", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.005", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.005", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.002", - "tactic": "persistence", - "score": 79, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.002", - "tactic": "privilege-escalation", - "score": 79, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.002", - "tactic": "defense-evasion", - "score": 79, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.006", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.006", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.006", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.008", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.008", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.008", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.011", - "tactic": "persistence", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.011", - "tactic": "privilege-escalation", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.011", - "tactic": "defense-evasion", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.012", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.012", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.012", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.002", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.002", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.002", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.002", - "tactic": "initial-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.003", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.003", - "tactic": "persistence", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.003", - "tactic": "privilege-escalation", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.003", - "tactic": "initial-access", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1571", - "tactic": "command-and-control", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1068", - "tactic": "privilege-escalation", - "score": 24, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027", - "tactic": "defense-evasion", - "score": 92, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.005", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.009", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.010", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.003", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.002", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.001", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.002", - "tactic": "privilege-escalation", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.002", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.013", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.013", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.003", - "tactic": "privilege-escalation", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.003", - "tactic": "persistence", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.011", - "tactic": "privilege-escalation", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.011", - "tactic": "persistence", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.015", - "tactic": "privilege-escalation", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.015", - "tactic": "persistence", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.004", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.004", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.010", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.010", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.007", - "tactic": "privilege-escalation", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.007", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.012", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.012", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.001", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.001", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.009", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.009", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.014", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.014", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.008", - "tactic": "privilege-escalation", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.008", - "tactic": "persistence", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1187", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1599.001", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1486", - "tactic": "impact", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553.005", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553.002", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553.004", - "tactic": "defense-evasion", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553.003", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553.001", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1573", - "tactic": "command-and-control", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.001", - "tactic": "collection", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.001", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.002", - "tactic": "collection", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.002", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1203", - "tactic": "execution", - "score": 26, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1570", - "tactic": "lateral-movement", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1095", - "tactic": "command-and-control", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1012", - "tactic": "discovery", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1030", - "tactic": "exfiltration", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1499.001", - "tactic": "impact", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1614.001", - "tactic": "discovery", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1197", - "tactic": "defense-evasion", - "score": 16, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1197", - "tactic": "persistence", - "score": 16, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1132.001", - "tactic": "command-and-control", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1588", - "tactic": "resource-development", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1588.002", - "tactic": "resource-development", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1588.001", - "tactic": "resource-development", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1569.002", - "tactic": "execution", - "score": 42, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1200", - "tactic": "initial-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505.002", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505.004", - "tactic": "persistence", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505.003", - "tactic": "persistence", - "score": 28, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505.005", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1221", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.001", - "tactic": "defense-evasion", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.001", - "tactic": "privilege-escalation", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.004", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.004", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.005", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.005", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.002", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.002", - "tactic": "privilege-escalation", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.003", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.003", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1136.001", - "tactic": "persistence", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1136.002", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1018", - "tactic": "discovery", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1046", - "tactic": "discovery", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1518", - "tactic": "discovery", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1518.001", - "tactic": "discovery", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1622", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1622", - "tactic": "discovery", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1105", - "tactic": "command-and-control", - "score": 64, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1484.001", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1484.001", - "tactic": "privilege-escalation", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1220", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1587", - "tactic": "resource-development", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1587.001", - "tactic": "resource-development", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1008", - "tactic": "command-and-control", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1124", - "tactic": "discovery", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1495", - "tactic": "impact", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1216", - "tactic": "defense-evasion", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1216.001", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1211", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1127", - "tactic": "defense-evasion", - "score": 19, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1127.001", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1529", - "tactic": "impact", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - } - ], - "gradient": { - "colors": [ - "#66b1ffff", - "#ff66f4ff" - ], - "minValue": 0, - "maxValue": 10 - }, - "legendItems": [], - "metadata": [], - "links": [], - "showTacticRowBackground": false, - "tacticRowBackground": "#dddddd", - "selectTechniquesAcrossTactics": false, - "selectSubtechniquesWithParent": false, - "selectVisibleTechniques": false -} + "name": "Sigma Analytics Coverage", + "versions": { + "attack": "17.0", + "navigator": "4.8.1", + "layer": "4.4" + }, + "domain": "enterprise-attack", + "description": "Sigma coverage heatmap generated by Sigma CLI with score function count", + "gradient": { + "colors": [ + "#ffffff00", + "#ff0000" + ], + "minValue": 0, + "maxValue": 1345 + }, + "techniques": [ + { + "techniqueID": "T1071.001", + "tactic": "command-and-control", + "score": 40, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1197", + "tactic": "defense-evasion", + "score": 17, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1197", + "tactic": "persistence", + "score": 17, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1105", + "tactic": "command-and-control", + "score": 70, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1568", + "tactic": "command-and-control", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1190", + "tactic": "initial-access", + "score": 130, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1567.002", + "tactic": "exfiltration", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1189", + "tactic": "initial-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1204.002", + "tactic": "execution", + "score": 32, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.005", + "tactic": "defense-evasion", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1590", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1566", + "tactic": "initial-access", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1203", + "tactic": "execution", + "score": 28, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1584", + "tactic": "resource-development", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1102.001", + "tactic": "command-and-control", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1102.003", + "tactic": "command-and-control", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056", + "tactic": "collection", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056", + "tactic": "credential-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1102.002", + "tactic": "command-and-control", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1110", + "tactic": "credential-access", + "score": 24, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505.003", + "tactic": "persistence", + "score": 31, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1083", + "tactic": "discovery", + "score": 21, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1221", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1499.004", + "tactic": "impact", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1210", + "tactic": "lateral-movement", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1566.001", + "tactic": "initial-access", + "score": 21, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1560.001", + "tactic": "collection", + "score": 16, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027", + "tactic": "defense-evasion", + "score": 92, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1490", + "tactic": "impact", + "score": 25, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.001", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.001", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.004", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.004", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059", + "tactic": "execution", + "score": 91, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1204", + "tactic": "execution", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1140", + "tactic": "defense-evasion", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.006", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.002", + "tactic": "execution", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.007", + "tactic": "execution", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1569.001", + "tactic": "execution", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.006", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.003", + "tactic": "execution", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.003", + "tactic": "persistence", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.003", + "tactic": "privilege-escalation", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056.002", + "tactic": "collection", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056.002", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1113", + "tactic": "collection", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1136.001", + "tactic": "persistence", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1566.002", + "tactic": "initial-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1204.001", + "tactic": "execution", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218", + "tactic": "defense-evasion", + "score": 144, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.004", + "tactic": "defense-evasion", + "score": 23, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.001", + "tactic": "credential-access", + "score": 21, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1082", + "tactic": "discovery", + "score": 33, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078", + "tactic": "defense-evasion", + "score": 60, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078", + "tactic": "persistence", + "score": 60, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078", + "tactic": "privilege-escalation", + "score": 60, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078", + "tactic": "initial-access", + "score": 60, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.001", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.001", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.001", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.001", + "tactic": "initial-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.003", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.003", + "tactic": "persistence", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.003", + "tactic": "privilege-escalation", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.003", + "tactic": "initial-access", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1219.002", + "tactic": "command-and-control", + "score": 44, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.003", + "tactic": "defense-evasion", + "score": 26, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.002", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1497.001", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1497.001", + "tactic": "discovery", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1049", + "tactic": "discovery", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.003", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1040", + "tactic": "credential-access", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1040", + "tactic": "discovery", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1087.001", + "tactic": "discovery", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1518.001", + "tactic": "discovery", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1071", + "tactic": "command-and-control", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.001", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1137.002", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1069.001", + "tactic": "discovery", + "score": 16, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.002", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1529", + "tactic": "impact", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1030", + "tactic": "exfiltration", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1115", + "tactic": "collection", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.001", + "tactic": "defense-evasion", + "score": 107, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1046", + "tactic": "discovery", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1018", + "tactic": "discovery", + "score": 16, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1555.001", + "tactic": "credential-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1133", + "tactic": "persistence", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1133", + "tactic": "initial-access", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.001", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1016", + "tactic": "discovery", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1037.005", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1037.005", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.014", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.014", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1068", + "tactic": "privilege-escalation", + "score": 26, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.004", + "tactic": "defense-evasion", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.004", + "tactic": "execution", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1592.004", + "tactic": "reconnaissance", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1496", + "tactic": "impact", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.003", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.012", + "tactic": "execution", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1033", + "tactic": "discovery", + "score": 31, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1007", + "tactic": "discovery", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1531", + "tactic": "impact", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1485", + "tactic": "impact", + "score": 20, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1567", + "tactic": "exfiltration", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.002", + "tactic": "execution", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.002", + "tactic": "persistence", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.002", + "tactic": "privilege-escalation", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1565.001", + "tactic": "impact", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036", + "tactic": "defense-evasion", + "score": 41, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1136", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.004", + "tactic": "defense-evasion", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1222.002", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.004", + "tactic": "defense-evasion", + "score": 29, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1090", + "tactic": "command-and-control", + "score": 22, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1014", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548", + "tactic": "privilege-escalation", + "score": 20, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548", + "tactic": "defense-evasion", + "score": 20, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.001", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.001", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1593.003", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.003", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.003", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.009", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.009", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564", + "tactic": "defense-evasion", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070", + "tactic": "defense-evasion", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098", + "tactic": "persistence", + "score": 28, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098", + "tactic": "privilege-escalation", + "score": 28, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1587", + "tactic": "resource-development", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1571", + "tactic": "command-and-control", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1568.002", + "tactic": "command-and-control", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1572", + "tactic": "command-and-control", + "score": 17, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1102", + "tactic": "command-and-control", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.006", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.006", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.006", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.003", + "tactic": "defense-evasion", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.006", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1489", + "tactic": "impact", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1499", + "tactic": "impact", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.003", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.001", + "tactic": "persistence", + "score": 87, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.001", + "tactic": "privilege-escalation", + "score": 87, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.001", + "tactic": "defense-evasion", + "score": 87, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.002", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.002", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1048.003", + "tactic": "exfiltration", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1201", + "tactic": "discovery", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1123", + "tactic": "collection", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.001", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.004", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.004", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.003", + "tactic": "persistence", + "score": 45, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.003", + "tactic": "privilege-escalation", + "score": 45, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1106", + "tactic": "execution", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1057", + "tactic": "discovery", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003", + "tactic": "credential-access", + "score": 32, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056.001", + "tactic": "collection", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056.001", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.006", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.006", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1212", + "tactic": "credential-access", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1588.001", + "tactic": "resource-development", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1589", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.008", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.001", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1202", + "tactic": "defense-evasion", + "score": 36, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.005", + "tactic": "execution", + "score": 47, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.005", + "tactic": "persistence", + "score": 47, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.005", + "tactic": "privilege-escalation", + "score": 47, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543", + "tactic": "persistence", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543", + "tactic": "privilege-escalation", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1048", + "tactic": "exfiltration", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1518", + "tactic": "discovery", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1558.003", + "tactic": "credential-access", + "score": 16, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.003", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.003", + "tactic": "lateral-movement", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.011", + "tactic": "privilege-escalation", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.011", + "tactic": "persistence", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.009", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.002", + "tactic": "defense-evasion", + "score": 23, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.003", + "tactic": "execution", + "score": 35, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.002", + "tactic": "lateral-movement", + "score": 36, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574", + "tactic": "persistence", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574", + "tactic": "privilege-escalation", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.002", + "tactic": "privilege-escalation", + "score": 54, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.002", + "tactic": "defense-evasion", + "score": 54, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.001", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.001", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.004", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.004", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1614.001", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003.003", + "tactic": "credential-access", + "score": 25, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1486", + "tactic": "impact", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.003", + "tactic": "defense-evasion", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1557.001", + "tactic": "credential-access", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1557.001", + "tactic": "collection", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.010", + "tactic": "defense-evasion", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1482", + "tactic": "discovery", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1090.003", + "tactic": "command-and-control", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.004", + "tactic": "credential-access", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.005", + "tactic": "lateral-movement", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562", + "tactic": "defense-evasion", + "score": 24, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1112", + "tactic": "defense-evasion", + "score": 85, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1112", + "tactic": "persistence", + "score": 85, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.001", + "tactic": "execution", + "score": 217, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1127", + "tactic": "defense-evasion", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547", + "tactic": "persistence", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547", + "tactic": "privilege-escalation", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.009", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.006", + "tactic": "credential-access", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1220", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003.001", + "tactic": "credential-access", + "score": 74, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1216.001", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.010", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1555", + "tactic": "credential-access", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1047", + "tactic": "execution", + "score": 46, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1090.001", + "tactic": "command-and-control", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.007", + "tactic": "defense-evasion", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1037.001", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1037.001", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.011", + "tactic": "persistence", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.011", + "tactic": "privilege-escalation", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.011", + "tactic": "defense-evasion", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1185", + "tactic": "collection", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1204.004", + "tactic": "execution", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1587.001", + "tactic": "resource-development", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.003", + "tactic": "privilege-escalation", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.003", + "tactic": "persistence", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.003", + "tactic": "lateral-movement", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.006", + "tactic": "lateral-movement", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.005", + "tactic": "execution", + "score": 21, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.011", + "tactic": "defense-evasion", + "score": 43, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.004", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1560", + "tactic": "collection", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.001", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.001", + "tactic": "privilege-escalation", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.013", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1104", + "tactic": "command-and-control", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1176", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1615", + "tactic": "discovery", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1087", + "tactic": "discovery", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1087.002", + "tactic": "discovery", + "score": 18, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.005", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.001", + "tactic": "defense-evasion", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.001", + "tactic": "privilege-escalation", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.003", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.003", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1555.004", + "tactic": "credential-access", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1569.002", + "tactic": "execution", + "score": 42, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1569", + "tactic": "execution", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021", + "tactic": "lateral-movement", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.003", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.002", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.002", + "tactic": "privilege-escalation", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1216", + "tactic": "defense-evasion", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1620", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1048.001", + "tactic": "exfiltration", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1071.004", + "tactic": "command-and-control", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1132.001", + "tactic": "command-and-control", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.001", + "tactic": "lateral-movement", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003.002", + "tactic": "credential-access", + "score": 26, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556.002", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556.002", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556.002", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.010", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1124", + "tactic": "discovery", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.001", + "tactic": "persistence", + "score": 37, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.001", + "tactic": "privilege-escalation", + "score": 37, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1649", + "tactic": "credential-access", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552", + "tactic": "credential-access", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003.005", + "tactic": "credential-access", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055", + "tactic": "defense-evasion", + "score": 31, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055", + "tactic": "privilege-escalation", + "score": 31, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1072", + "tactic": "execution", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1072", + "tactic": "lateral-movement", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1622", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1622", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.006", + "tactic": "execution", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1484.001", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1484.001", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1135", + "tactic": "discovery", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.007", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1528", + "tactic": "credential-access", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1539", + "tactic": "credential-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1005", + "tactic": "collection", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.002", + "tactic": "credential-access", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003.004", + "tactic": "credential-access", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003.006", + "tactic": "credential-access", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.002", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1119", + "tactic": "collection", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.007", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.007", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.001", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.001", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1608", + "tactic": "resource-development", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1012", + "tactic": "discovery", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1595", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1491.001", + "tactic": "impact", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1563.002", + "tactic": "lateral-movement", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1074.001", + "tactic": "collection", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1588.002", + "tactic": "resource-development", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.003", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.003", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1570", + "tactic": "lateral-movement", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.005", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053", + "tactic": "execution", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053", + "tactic": "persistence", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053", + "tactic": "privilege-escalation", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.005", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.005", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.005", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1526", + "tactic": "discovery", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1555.003", + "tactic": "credential-access", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.006", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1069.002", + "tactic": "discovery", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.001", + "tactic": "defense-evasion", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.005", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.008", + "tactic": "privilege-escalation", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.008", + "tactic": "persistence", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1217", + "tactic": "discovery", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505.004", + "tactic": "persistence", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.002", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.002", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1069", + "tactic": "discovery", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1222.001", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1110.002", + "tactic": "credential-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1095", + "tactic": "command-and-control", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1039", + "tactic": "collection", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1590.001", + "tactic": "reconnaissance", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1211", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505.005", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.007", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.007", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.007", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.014", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.014", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.010", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.010", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.002", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.002", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1557", + "tactic": "credential-access", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1557", + "tactic": "collection", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505.002", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1114", + "tactic": "collection", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.004", + "tactic": "lateral-movement", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.002", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546", + "tactic": "privilege-escalation", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546", + "tactic": "persistence", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1110.001", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.015", + "tactic": "privilege-escalation", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.015", + "tactic": "persistence", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.008", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.008", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.008", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1120", + "tactic": "discovery", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.002", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1567.001", + "tactic": "exfiltration", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1127.001", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1559.001", + "tactic": "execution", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1558", + "tactic": "credential-access", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1041", + "tactic": "exfiltration", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1090.002", + "tactic": "command-and-control", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.012", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.012", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.003", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.003", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1555.005", + "tactic": "credential-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1554", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1006", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.011", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.011", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1599.001", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1137", + "tactic": "persistence", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1001.003", + "tactic": "command-and-control", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.009", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.009", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1008", + "tactic": "command-and-control", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1136.002", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.013", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.013", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1195", + "tactic": "initial-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1195.001", + "tactic": "initial-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1137.006", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.015", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.015", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1137.003", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.005", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1573", + "tactic": "command-and-control", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1565", + "tactic": "impact", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.012", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.012", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.012", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1222", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1114.001", + "tactic": "collection", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1020", + "tactic": "exfiltration", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.004", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.004", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1589.002", + "tactic": "reconnaissance", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.005", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.005", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.009", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.009", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.010", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.010", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1125", + "tactic": "collection", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.008", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.008", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.003", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.003", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556", + "tactic": "credential-access", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556", + "tactic": "defense-evasion", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556", + "tactic": "persistence", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.012", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.012", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.003", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1559.002", + "tactic": "execution", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1590.002", + "tactic": "reconnaissance", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1200", + "tactic": "initial-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1010", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1187", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.002", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1207", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.005", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.005", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.002", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.002", + "tactic": "lateral-movement", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1091", + "tactic": "lateral-movement", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1091", + "tactic": "initial-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550", + "tactic": "lateral-movement", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", + "tactic": "initial-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1588", + "tactic": "resource-development", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1499.001", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505.001", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1213", + "tactic": "collection", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1498", + "tactic": "impact", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1611", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.007", + "tactic": "credential-access", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1609", + "tactic": "execution", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1069.003", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1087.004", + "tactic": "discovery", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1595.002", + "tactic": "reconnaissance", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1495", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1561.001", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1561.002", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1074", + "tactic": "collection", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1565.002", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098.003", + "tactic": "persistence", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098.003", + "tactic": "privilege-escalation", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1586.003", + "tactic": "resource-development", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098.001", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098.001", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.004", + "tactic": "defense-evasion", + "score": 38, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.004", + "tactic": "persistence", + "score": 38, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.004", + "tactic": "privilege-escalation", + "score": 38, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.004", + "tactic": "initial-access", + "score": 38, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556.006", + "tactic": "credential-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556.006", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556.006", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1213.003", + "tactic": "collection", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1537", + "tactic": "exfiltration", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1136.003", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1621", + "tactic": "credential-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1578.003", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1578", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.007", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098.005", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098.005", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1484", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1484", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1606", + "tactic": "credential-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1591.004", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1586", + "tactic": "resource-development", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1525", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.007", + "tactic": "lateral-movement", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.001", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.001", + "tactic": "lateral-movement", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1580", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.009", + "tactic": "execution", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1199", + "tactic": "initial-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.004", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1129", + "tactic": "execution", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1559", + "tactic": "execution", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1090.004", + "tactic": "command-and-control", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.008", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.008", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + } + ] +} \ No newline at end of file diff --git a/other/sigma_attack_nav_coverage.png b/other/sigma_attack_nav_coverage.png deleted file mode 100644 index 47a7a4c63..000000000 Binary files a/other/sigma_attack_nav_coverage.png and /dev/null differ diff --git a/other/sigma_attack_nav_coverage.svg b/other/sigma_attack_nav_coverage.svg new file mode 100644 index 000000000..e7a631c0f --- /dev/null +++ b/other/sigma_attack_nav_coverage.svg @@ -0,0 +1,2 @@ + +aboutSigma 2025-02Sigma coverageheatmap generated by SigmaCLI with score function countdomainEnterprise ATT&CK v16platformsWindows, Linux, macOS,Network, PRE, Containers,IaaS, SaaS, OfficeSuite, Identity Providerlegend0.03.36.710Active ScanningGather VictimHost InformationGather VictimIdentity InformationGather VictimNetwork InformationGather VictimOrg InformationPhishingfor InformationSearchClosed SourcesSearch OpenTechnical DatabasesSearch OpenWebsites/DomainsSearch Victim-OwnedWebsitesReconnaissanceAcquire AccessAcquireInfrastructureCompromiseAccountsCompromiseInfrastructureDevelopCapabilitiesEstablishAccountsObtainCapabilitiesStageCapabilitiesResourceDevelopmentContentInjectionDrive-byCompromiseExploit Public-FacingApplicationExternalRemote ServicesHardwareAdditionsPhishingReplication ThroughRemovable MediaSupply ChainCompromiseTrustedRelationshipValid AccountsInitial AccessCloud AdministrationCommandCommand andScripting InterpreterContainerAdministration CommandDeployContainerExploitation forClient ExecutionInter-ProcessCommunicationNative APIScheduledTask/JobServerlessExecutionShared ModulesSoftwareDeployment ToolsSystem ServicesUser ExecutionWindows ManagementInstrumentationExecutionAccountManipulationBITS JobsBoot or LogonAutostart ExecutionBoot or LogonInitialization ScriptsBrowserExtensionsCompromise HostSoftware BinaryCreate AccountCreate or ModifySystem ProcessEvent TriggeredExecutionExternalRemote ServicesHijackExecution FlowImplantInternal ImageModify AuthenticationProcessOffice ApplicationStartupPower SettingsPre-OS BootScheduledTask/JobServer SoftwareComponentTrafficSignalingValid AccountsPersistenceAbuse ElevationControl MechanismAccess TokenManipulationAccountManipulationBoot or LogonAutostart ExecutionBoot or LogonInitialization ScriptsCreate or ModifySystem ProcessDomain or TenantPolicy ModificationEscape to HostEvent TriggeredExecutionExploitation forPrivilege EscalationHijackExecution FlowProcessInjectionScheduledTask/JobValid AccountsPrivilegeEscalationAbuse ElevationControl MechanismAccess TokenManipulationBITS JobsBuildImage on HostDebuggerEvasionDeobfuscate/DecodeFiles or InformationDeployContainerDirectVolume AccessDomain or TenantPolicy ModificationExecutionGuardrailsExploitation forDefense EvasionFile andDirectory PermissionsModificationHide ArtifactsHijackExecution FlowImpair DefensesImpersonationIndicatorRemovalIndirect CommandExecutionMasqueradingModify AuthenticationProcessModify Cloud ComputeInfrastructureModify CloudResource HierarchyModify RegistryModifySystem ImageNetwork BoundaryBridgingObfuscated Filesor InformationPlist FileModificationPre-OS BootProcessInjectionReflectiveCode LoadingRogue DomainControllerRootkitSubvertTrust ControlsSystem BinaryProxy ExecutionSystem ScriptProxy ExecutionTemplateInjectionTrafficSignalingTrustedDeveloper UtilitiesProxy ExecutionUnused/UnsupportedCloud RegionsUse AlternateAuthenticationMaterialValid AccountsVirtualization/SandboxEvasionWeakenEncryptionXSL ScriptProcessingDefense EvasionAdversary-in-the-MiddleBrute ForceCredentials fromPassword StoresExploitation forCredential AccessForcedAuthenticationForgeWeb CredentialsInput CaptureModify AuthenticationProcessMulti-FactorAuthenticationInterceptionMulti-FactorAuthenticationRequest GenerationNetworkSniffingOS CredentialDumpingSteal ApplicationAccess TokenSteal orForge AuthenticationCertificatesSteal or ForgeKerberos TicketsSteal WebSession CookieUnsecuredCredentialsCredentialAccessAccountDiscoveryApplicationWindow DiscoveryBrowser InformationDiscoveryCloud InfrastructureDiscoveryCloud ServiceDashboardCloud ServiceDiscoveryCloud StorageObject DiscoveryContainer andResource DiscoveryDebuggerEvasionDevice DriverDiscoveryDomainTrust DiscoveryFile and DirectoryDiscoveryGroup PolicyDiscoveryLog EnumerationNetwork ServiceDiscoveryNetworkShare DiscoveryNetworkSniffingPassword PolicyDiscoveryPeripheralDevice DiscoveryPermissionGroups DiscoveryProcessDiscoveryQuery RegistryRemote SystemDiscoverySoftwareDiscoverySystem InformationDiscoverySystem LocationDiscoverySystemNetwork ConfigurationDiscoverySystem NetworkConnections DiscoverySystem Owner/UserDiscoverySystem ServiceDiscoverySystemTime DiscoveryVirtualization/SandboxEvasionDiscoveryExploitation ofRemote ServicesInternalSpearphishingLateralTool TransferRemote ServiceSession HijackingRemote ServicesReplication ThroughRemovable MediaSoftwareDeployment ToolsTaintShared ContentUse AlternateAuthenticationMaterialLateralMovementAdversary-in-the-MiddleArchiveCollected DataAudio CaptureAutomatedCollectionBrowser SessionHijackingClipboard DataData fromCloud StorageDatafrom ConfigurationRepositoryData from InformationRepositoriesData fromLocal SystemData from NetworkShared DriveData fromRemovable MediaData StagedEmailCollectionInput CaptureScreen CaptureVideo CaptureCollectionApplicationLayer ProtocolCommunication ThroughRemovable MediaContentInjectionData EncodingDataObfuscationDynamicResolutionEncryptedChannelFallbackChannelsHideInfrastructureIngressTool TransferMulti-StageChannelsNon-ApplicationLayer ProtocolNon-StandardPortProtocolTunnelingProxyRemoteAccess SoftwareTrafficSignalingWeb ServiceCommandand ControlAutomatedExfiltrationData TransferSize LimitsExfiltration OverAlternative ProtocolExfiltrationOver C2 ChannelExfiltration OverOther Network MediumExfiltration OverPhysical MediumExfiltrationOver Web ServiceScheduledTransferTransfer Datato Cloud AccountExfiltrationAccountAccess RemovalDataDestructionData Encryptedfor ImpactDataManipulationDefacementDisk WipeEndpoint Denialof ServiceFinancial TheftFirmwareCorruptionInhibitSystem RecoveryNetwork Denialof ServiceResourceHijackingService StopSystemShutdown/RebootImpact \ No newline at end of file