diff --git a/other/sigma_attack_nav_coverage.json b/other/sigma_attack_nav_coverage.json index 388a02ab1..069d6bf80 100644 --- a/other/sigma_attack_nav_coverage.json +++ b/other/sigma_attack_nav_coverage.json @@ -13,56 +13,12 @@ "#ff0000" ], "minValue": 0, - "maxValue": 1345 + "maxValue": 1352 }, "techniques": [ { - "techniqueID": "T1071.001", - "tactic": "command-and-control", - "score": 40, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1197", - "tactic": "defense-evasion", - "score": 17, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1197", + "techniqueID": "T1037.005", "tactic": "persistence", - "score": 17, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1105", - "tactic": "command-and-control", - "score": 70, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1568", - "tactic": "command-and-control", "score": 1, "color": "", "comment": "", @@ -72,284 +28,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1190", - "tactic": "initial-access", - "score": 130, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1567.002", - "tactic": "exfiltration", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1189", - "tactic": "initial-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1204.002", - "tactic": "execution", - "score": 32, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.005", - "tactic": "defense-evasion", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1590", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1566", - "tactic": "initial-access", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1203", - "tactic": "execution", - "score": 28, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1584", - "tactic": "resource-development", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1102.001", - "tactic": "command-and-control", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1102.003", - "tactic": "command-and-control", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056", - "tactic": "collection", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056", - "tactic": "credential-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1102.002", - "tactic": "command-and-control", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1110", - "tactic": "credential-access", - "score": 24, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505.003", - "tactic": "persistence", - "score": 31, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1083", - "tactic": "discovery", - "score": 21, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1221", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1499.004", - "tactic": "impact", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1210", - "tactic": "lateral-movement", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1566.001", - "tactic": "initial-access", - "score": 21, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1560.001", - "tactic": "collection", - "score": 16, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027", - "tactic": "defense-evasion", - "score": 92, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1490", - "tactic": "impact", - "score": 25, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.001", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.001", + "techniqueID": "T1037.005", "tactic": "privilege-escalation", - "score": 2, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -358,20 +39,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1543.004", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.004", + "techniqueID": "T1546.014", "tactic": "privilege-escalation", - "score": 2, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -380,9 +50,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1059", - "tactic": "execution", - "score": 91, + "techniqueID": "T1546.014", + "tactic": "persistence", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -391,9 +61,86 @@ "showSubtechniques": false }, { - "techniqueID": "T1204", - "tactic": "execution", - "score": 10, + "techniqueID": "T1078", + "tactic": "defense-evasion", + "score": 60, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078", + "tactic": "persistence", + "score": 60, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078", + "tactic": "privilege-escalation", + "score": 60, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078", + "tactic": "initial-access", + "score": 60, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.001", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.001", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.001", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.001", + "tactic": "initial-access", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -413,163 +160,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1036.006", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.002", - "tactic": "execution", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.007", - "tactic": "execution", - "score": 19, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1569.001", - "tactic": "execution", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.006", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.003", - "tactic": "execution", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.003", - "tactic": "persistence", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.003", - "tactic": "privilege-escalation", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.002", - "tactic": "collection", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.002", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1113", - "tactic": "collection", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1136.001", - "tactic": "persistence", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1566.002", - "tactic": "initial-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1204.001", - "tactic": "execution", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553", - "tactic": "defense-evasion", - "score": 4, + "techniqueID": "T1529", + "tactic": "impact", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -602,7 +195,73 @@ { "techniqueID": "T1552.001", "tactic": "credential-access", - "score": 21, + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1105", + "tactic": "command-and-control", + "score": 70, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1018", + "tactic": "discovery", + "score": 16, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1087.001", + "tactic": "discovery", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1490", + "tactic": "impact", + "score": 25, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1566.001", + "tactic": "initial-access", + "score": 22, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1560.001", + "tactic": "collection", + "score": 16, "color": "", "comment": "", "enabled": true, @@ -622,51 +281,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1078", - "tactic": "defense-evasion", - "score": 60, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078", - "tactic": "persistence", - "score": 60, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078", - "tactic": "privilege-escalation", - "score": 60, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078", - "tactic": "initial-access", - "score": 60, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.001", + "techniqueID": "T1497.001", "tactic": "defense-evasion", "score": 3, "color": "", @@ -677,8 +292,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.001", - "tactic": "persistence", + "techniqueID": "T1497.001", + "tactic": "discovery", "score": 3, "color": "", "comment": "", @@ -688,31 +303,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.001", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.001", - "tactic": "initial-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.003", + "techniqueID": "T1036.006", "tactic": "defense-evasion", - "score": 5, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -721,9 +314,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.003", - "tactic": "persistence", - "score": 5, + "techniqueID": "T1056.002", + "tactic": "collection", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -732,20 +325,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.003", - "tactic": "privilege-escalation", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.003", - "tactic": "initial-access", - "score": 5, + "techniqueID": "T1056.002", + "tactic": "credential-access", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -776,9 +358,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1564.002", + "techniqueID": "T1078.003", "tactic": "defense-evasion", - "score": 4, + "score": 5, "color": "", "comment": "", "enabled": true, @@ -787,9 +369,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1497.001", - "tactic": "defense-evasion", - "score": 3, + "techniqueID": "T1078.003", + "tactic": "persistence", + "score": 5, "color": "", "comment": "", "enabled": true, @@ -798,9 +380,53 @@ "showSubtechniques": false }, { - "techniqueID": "T1497.001", + "techniqueID": "T1078.003", + "tactic": "privilege-escalation", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.003", + "tactic": "initial-access", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.006", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1040", + "tactic": "credential-access", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1040", "tactic": "discovery", - "score": 3, + "score": 9, "color": "", "comment": "", "enabled": true, @@ -819,50 +445,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1552.003", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1040", - "tactic": "credential-access", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1040", - "tactic": "discovery", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1087.001", - "tactic": "discovery", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1518.001", "tactic": "discovery", @@ -875,9 +457,86 @@ "showSubtechniques": false }, { - "techniqueID": "T1071", - "tactic": "command-and-control", - "score": 6, + "techniqueID": "T1189", + "tactic": "initial-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1203", + "tactic": "execution", + "score": 28, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059", + "tactic": "execution", + "score": 91, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.002", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.003", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.002", + "tactic": "execution", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1069.001", + "tactic": "discovery", + "score": 16, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1555.001", + "tactic": "credential-access", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -908,9 +567,20 @@ "showSubtechniques": false }, { - "techniqueID": "T1069.001", + "techniqueID": "T1204.002", + "tactic": "execution", + "score": 32, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1083", "tactic": "discovery", - "score": 16, + "score": 21, "color": "", "comment": "", "enabled": true, @@ -919,9 +589,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1070.002", - "tactic": "defense-evasion", - "score": 4, + "techniqueID": "T1113", + "tactic": "collection", + "score": 10, "color": "", "comment": "", "enabled": true, @@ -930,9 +600,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1529", - "tactic": "impact", - "score": 8, + "techniqueID": "T1543.001", + "tactic": "persistence", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -941,8 +611,30 @@ "showSubtechniques": false }, { - "techniqueID": "T1030", - "tactic": "exfiltration", + "techniqueID": "T1543.001", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.004", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.004", + "tactic": "privilege-escalation", "score": 2, "color": "", "comment": "", @@ -963,9 +655,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1562.001", - "tactic": "defense-evasion", - "score": 107, + "techniqueID": "T1016", + "tactic": "discovery", + "score": 12, "color": "", "comment": "", "enabled": true, @@ -974,8 +666,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1046", - "tactic": "discovery", + "techniqueID": "T1136.001", + "tactic": "persistence", "score": 14, "color": "", "comment": "", @@ -985,9 +677,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1018", - "tactic": "discovery", - "score": 16, + "techniqueID": "T1070.002", + "tactic": "defense-evasion", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -996,8 +688,96 @@ "showSubtechniques": false }, { - "techniqueID": "T1555.001", - "tactic": "credential-access", + "techniqueID": "T1027", + "tactic": "defense-evasion", + "score": 92, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1566", + "tactic": "initial-access", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1566.002", + "tactic": "initial-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1204", + "tactic": "execution", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1204.001", + "tactic": "execution", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.007", + "tactic": "execution", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.001", + "tactic": "defense-evasion", + "score": 111, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1569.001", + "tactic": "execution", "score": 1, "color": "", "comment": "", @@ -1040,9 +820,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1016", + "techniqueID": "T1046", "tactic": "discovery", - "score": 12, + "score": 14, "color": "", "comment": "", "enabled": true, @@ -1051,9 +831,31 @@ "showSubtechniques": false }, { - "techniqueID": "T1037.005", + "techniqueID": "T1030", + "tactic": "exfiltration", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.003", + "tactic": "execution", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.003", "tactic": "persistence", - "score": 1, + "score": 7, "color": "", "comment": "", "enabled": true, @@ -1062,9 +864,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1037.005", + "techniqueID": "T1053.003", "tactic": "privilege-escalation", - "score": 1, + "score": 7, "color": "", "comment": "", "enabled": true, @@ -1073,9 +875,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.014", - "tactic": "privilege-escalation", - "score": 1, + "techniqueID": "T1071", + "tactic": "command-and-control", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -1084,9 +886,31 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.014", + "techniqueID": "T1071.001", + "tactic": "command-and-control", + "score": 40, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.003", "tactic": "persistence", - "score": 1, + "score": 45, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.003", + "tactic": "privilege-escalation", + "score": 45, "color": "", "comment": "", "enabled": true, @@ -1106,9 +930,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1070.004", - "tactic": "defense-evasion", - "score": 15, + "techniqueID": "T1543", + "tactic": "persistence", + "score": 9, "color": "", "comment": "", "enabled": true, @@ -1117,9 +941,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1059.004", - "tactic": "execution", - "score": 12, + "techniqueID": "T1543", + "tactic": "privilege-escalation", + "score": 9, "color": "", "comment": "", "enabled": true, @@ -1128,29 +952,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1592.004", - "tactic": "reconnaissance", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1496", - "tactic": "impact", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.003", + "techniqueID": "T1599.001", "tactic": "defense-evasion", "score": 1, "color": "", @@ -1161,9 +963,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1059.012", - "tactic": "execution", - "score": 9, + "techniqueID": "T1557.001", + "tactic": "credential-access", + "score": 10, "color": "", "comment": "", "enabled": true, @@ -1172,9 +974,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1033", - "tactic": "discovery", - "score": 31, + "techniqueID": "T1557.001", + "tactic": "collection", + "score": 10, "color": "", "comment": "", "enabled": true, @@ -1183,8 +985,41 @@ "showSubtechniques": false }, { - "techniqueID": "T1007", - "tactic": "discovery", + "techniqueID": "T1055.012", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.012", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003.002", + "tactic": "credential-access", + "score": 26, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003.004", + "tactic": "credential-access", "score": 11, "color": "", "comment": "", @@ -1194,9 +1029,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1531", - "tactic": "impact", - "score": 9, + "techniqueID": "T1003.001", + "tactic": "credential-access", + "score": 75, "color": "", "comment": "", "enabled": true, @@ -1205,19 +1040,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1485", - "tactic": "impact", - "score": 20, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1567", - "tactic": "exfiltration", + "techniqueID": "T1003.006", + "tactic": "credential-access", "score": 7, "color": "", "comment": "", @@ -1227,62 +1051,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1053.002", - "tactic": "execution", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.002", - "tactic": "persistence", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.002", - "tactic": "privilege-escalation", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1565.001", - "tactic": "impact", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036", - "tactic": "defense-evasion", - "score": 41, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1136", + "techniqueID": "T1554", "tactic": "persistence", "score": 3, "color": "", @@ -1293,206 +1062,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1553.004", - "tactic": "defense-evasion", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1222.002", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.004", - "tactic": "defense-evasion", - "score": 29, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1090", - "tactic": "command-and-control", - "score": 22, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1014", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548", - "tactic": "privilege-escalation", - "score": 20, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548", - "tactic": "defense-evasion", - "score": 20, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.001", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.001", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1593.003", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.003", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.003", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.009", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.009", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564", - "tactic": "defense-evasion", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070", - "tactic": "defense-evasion", - "score": 19, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098", - "tactic": "persistence", - "score": 28, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098", - "tactic": "privilege-escalation", - "score": 28, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1587", - "tactic": "resource-development", + "techniqueID": "T1187", + "tactic": "credential-access", "score": 6, "color": "", "comment": "", @@ -1502,492 +1073,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1571", - "tactic": "command-and-control", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1568.002", - "tactic": "command-and-control", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1572", - "tactic": "command-and-control", - "score": 17, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1102", - "tactic": "command-and-control", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.006", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.006", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.006", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.003", - "tactic": "defense-evasion", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.006", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1489", - "tactic": "impact", - "score": 19, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1499", - "tactic": "impact", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.003", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.001", - "tactic": "persistence", - "score": 87, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.001", - "tactic": "privilege-escalation", - "score": 87, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.001", - "tactic": "defense-evasion", - "score": 87, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.002", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.002", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1048.003", - "tactic": "exfiltration", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1201", - "tactic": "discovery", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1123", - "tactic": "collection", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564.001", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.004", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.004", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.003", - "tactic": "persistence", - "score": 45, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.003", - "tactic": "privilege-escalation", - "score": 45, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1106", + "techniqueID": "T1559.001", "tactic": "execution", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1057", - "tactic": "discovery", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003", - "tactic": "credential-access", - "score": 32, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.001", - "tactic": "collection", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.001", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.006", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.006", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1212", - "tactic": "credential-access", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1588.001", - "tactic": "resource-development", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1589", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.008", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.001", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1202", - "tactic": "defense-evasion", - "score": 36, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.005", - "tactic": "execution", - "score": 47, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.005", - "tactic": "persistence", - "score": 47, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.005", - "tactic": "privilege-escalation", - "score": 47, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543", - "tactic": "persistence", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543", - "tactic": "privilege-escalation", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1048", - "tactic": "exfiltration", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1518", - "tactic": "discovery", "score": 4, "color": "", "comment": "", @@ -1996,270 +1083,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1558.003", - "tactic": "credential-access", - "score": 16, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.003", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.003", - "tactic": "lateral-movement", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.011", - "tactic": "privilege-escalation", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.011", - "tactic": "persistence", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.009", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.002", - "tactic": "defense-evasion", - "score": 23, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.003", - "tactic": "execution", - "score": 35, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.002", - "tactic": "lateral-movement", - "score": 36, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574", - "tactic": "persistence", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574", - "tactic": "privilege-escalation", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.002", - "tactic": "privilege-escalation", - "score": 54, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.002", - "tactic": "defense-evasion", - "score": 54, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.001", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.001", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.004", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.004", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1614.001", - "tactic": "discovery", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.003", - "tactic": "credential-access", - "score": 25, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1486", - "tactic": "impact", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.003", - "tactic": "defense-evasion", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1557.001", - "tactic": "credential-access", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1557.001", - "tactic": "collection", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1218.010", "tactic": "defense-evasion", @@ -2274,7 +1097,7 @@ { "techniqueID": "T1482", "tactic": "discovery", - "score": 14, + "score": 17, "color": "", "comment": "", "enabled": true, @@ -2283,647 +1106,31 @@ "showSubtechniques": false }, { - "techniqueID": "T1090.003", - "tactic": "command-and-control", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552.004", - "tactic": "credential-access", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.005", - "tactic": "lateral-movement", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562", - "tactic": "defense-evasion", - "score": 24, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1112", - "tactic": "defense-evasion", - "score": 85, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1112", - "tactic": "persistence", - "score": 85, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.001", - "tactic": "execution", - "score": 217, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1127", - "tactic": "defense-evasion", - "score": 19, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547", - "tactic": "persistence", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547", - "tactic": "privilege-escalation", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.009", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552.006", - "tactic": "credential-access", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1220", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.001", - "tactic": "credential-access", - "score": 74, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1216.001", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.010", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555", - "tactic": "credential-access", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1047", - "tactic": "execution", - "score": 46, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1090.001", - "tactic": "command-and-control", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.007", - "tactic": "defense-evasion", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1037.001", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1037.001", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.011", - "tactic": "persistence", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.011", - "tactic": "privilege-escalation", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.011", - "tactic": "defense-evasion", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1185", - "tactic": "collection", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1204.004", - "tactic": "execution", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1587.001", - "tactic": "resource-development", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.003", - "tactic": "privilege-escalation", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.003", - "tactic": "persistence", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.003", - "tactic": "lateral-movement", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.006", - "tactic": "lateral-movement", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.005", - "tactic": "execution", - "score": 21, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.011", - "tactic": "defense-evasion", - "score": 43, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.004", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1560", - "tactic": "collection", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.001", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.001", - "tactic": "privilege-escalation", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.013", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1104", - "tactic": "command-and-control", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1176", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1615", - "tactic": "discovery", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1087", - "tactic": "discovery", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1087.002", - "tactic": "discovery", - "score": 18, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.005", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.001", - "tactic": "defense-evasion", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.001", - "tactic": "privilege-escalation", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.003", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.003", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555.004", - "tactic": "credential-access", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1569.002", - "tactic": "execution", - "score": 42, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1569", - "tactic": "execution", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021", - "tactic": "lateral-movement", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564.003", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.002", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.002", - "tactic": "privilege-escalation", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1216", - "tactic": "defense-evasion", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1620", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1048.001", + "techniqueID": "T1567.002", "tactic": "exfiltration", - "score": 1, + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056", + "tactic": "collection", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056", + "tactic": "credential-access", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -2943,9 +1150,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1132.001", - "tactic": "command-and-control", - "score": 4, + "techniqueID": "T1210", + "tactic": "lateral-movement", + "score": 15, "color": "", "comment": "", "enabled": true, @@ -2954,8 +1161,52 @@ "showSubtechniques": false }, { - "techniqueID": "T1021.001", - "tactic": "lateral-movement", + "techniqueID": "T1590", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1090.003", + "tactic": "command-and-control", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.011", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.011", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1106", + "tactic": "execution", "score": 14, "color": "", "comment": "", @@ -2965,86 +1216,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1003.002", - "tactic": "credential-access", - "score": 26, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556.002", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556.002", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556.002", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.010", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1124", - "tactic": "discovery", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.001", - "tactic": "persistence", - "score": 37, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.001", + "techniqueID": "T1548", "tactic": "privilege-escalation", - "score": 37, + "score": 20, "color": "", "comment": "", "enabled": true, @@ -3053,42 +1227,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1649", - "tactic": "credential-access", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552", - "tactic": "credential-access", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.005", - "tactic": "credential-access", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055", + "techniqueID": "T1548", "tactic": "defense-evasion", - "score": 31, + "score": 20, "color": "", "comment": "", "enabled": true, @@ -3097,9 +1238,20 @@ "showSubtechniques": false }, { - "techniqueID": "T1055", + "techniqueID": "T1562.002", + "tactic": "defense-evasion", + "score": 23, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.002", "tactic": "privilege-escalation", - "score": 31, + "score": 54, "color": "", "comment": "", "enabled": true, @@ -3108,31 +1260,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1072", - "tactic": "execution", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1072", - "tactic": "lateral-movement", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1622", + "techniqueID": "T1548.002", "tactic": "defense-evasion", - "score": 1, + "score": 54, "color": "", "comment": "", "enabled": true, @@ -3141,52 +1271,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1622", - "tactic": "discovery", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.006", - "tactic": "execution", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1484.001", + "techniqueID": "T1218.003", "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1484.001", - "tactic": "privilege-escalation", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1135", - "tactic": "discovery", "score": 7, "color": "", "comment": "", @@ -3196,7 +1282,535 @@ "showSubtechniques": false }, { - "techniqueID": "T1036.007", + "techniqueID": "T1055.003", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.003", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.001", + "tactic": "execution", + "score": 216, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.006", + "tactic": "lateral-movement", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055", + "tactic": "defense-evasion", + "score": 31, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055", + "tactic": "privilege-escalation", + "score": 31, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.011", + "tactic": "defense-evasion", + "score": 43, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1555.005", + "tactic": "credential-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.001", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.001", + "tactic": "privilege-escalation", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.005", + "tactic": "execution", + "score": 21, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.005", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1127", + "tactic": "defense-evasion", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1047", + "tactic": "execution", + "score": 47, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.003", + "tactic": "privilege-escalation", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.003", + "tactic": "persistence", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1006", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.001", + "tactic": "defense-evasion", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003.003", + "tactic": "credential-access", + "score": 23, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.006", + "tactic": "credential-access", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1176", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070", + "tactic": "defense-evasion", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.003", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.003", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1110", + "tactic": "credential-access", + "score": 24, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1110.001", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1216", + "tactic": "defense-evasion", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1090.001", + "tactic": "command-and-control", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1087.002", + "tactic": "discovery", + "score": 21, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1069.002", + "tactic": "discovery", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.004", + "tactic": "defense-evasion", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1202", + "tactic": "defense-evasion", + "score": 37, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036", + "tactic": "defense-evasion", + "score": 41, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1012", + "tactic": "discovery", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.001", + "tactic": "persistence", + "score": 87, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.001", + "tactic": "privilege-escalation", + "score": 87, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.001", + "tactic": "defense-evasion", + "score": 87, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098", + "tactic": "persistence", + "score": 29, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098", + "tactic": "privilege-escalation", + "score": 29, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1197", + "tactic": "defense-evasion", + "score": 17, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1197", + "tactic": "persistence", + "score": 17, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.002", + "tactic": "lateral-movement", + "score": 36, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.001", + "tactic": "defense-evasion", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.001", + "tactic": "privilege-escalation", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.002", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.002", + "tactic": "privilege-escalation", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.004", + "tactic": "defense-evasion", + "score": 29, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556.002", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556.002", "tactic": "defense-evasion", "score": 3, "color": "", @@ -3207,8 +1821,195 @@ "showSubtechniques": false }, { - "techniqueID": "T1528", + "techniqueID": "T1556.002", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1190", + "tactic": "initial-access", + "score": 134, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.013", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.005", + "tactic": "defense-evasion", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1072", + "tactic": "execution", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1072", + "tactic": "lateral-movement", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.008", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003", "tactic": "credential-access", + "score": 32, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547", + "tactic": "persistence", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547", + "tactic": "privilege-escalation", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505.003", + "tactic": "persistence", + "score": 32, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1033", + "tactic": "discovery", + "score": 31, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1087", + "tactic": "discovery", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1489", + "tactic": "impact", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1112", + "tactic": "defense-evasion", + "score": 85, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1112", + "tactic": "persistence", + "score": 85, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562", + "tactic": "defense-evasion", + "score": 24, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1486", + "tactic": "impact", "score": 14, "color": "", "comment": "", @@ -3217,6 +2018,17 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1555", + "tactic": "credential-access", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1539", "tactic": "credential-access", @@ -3228,6 +2040,17 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1555.003", + "tactic": "credential-access", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1005", "tactic": "collection", @@ -3240,40 +2063,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1552.002", - "tactic": "credential-access", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.004", - "tactic": "credential-access", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.006", - "tactic": "credential-access", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.002", + "techniqueID": "T1134", "tactic": "defense-evasion", "score": 2, "color": "", @@ -3284,19 +2074,52 @@ "showSubtechniques": false }, { - "techniqueID": "T1119", - "tactic": "collection", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.007", + "techniqueID": "T1134", "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.006", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564", + "tactic": "defense-evasion", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1558.003", + "tactic": "credential-access", + "score": 16, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.009", + "tactic": "defense-evasion", "score": 4, "color": "", "comment": "", @@ -3306,9 +2129,20 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.007", + "techniqueID": "T1053.005", + "tactic": "execution", + "score": 48, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.005", "tactic": "persistence", - "score": 4, + "score": 48, "color": "", "comment": "", "enabled": true, @@ -3317,7 +2151,40 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.001", + "techniqueID": "T1053.005", + "tactic": "privilege-escalation", + "score": 48, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.004", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1037.001", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1037.001", "tactic": "privilege-escalation", "score": 3, "color": "", @@ -3328,8 +2195,162 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.001", + "techniqueID": "T1595", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.003", + "tactic": "execution", + "score": 35, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1090", + "tactic": "command-and-control", + "score": 22, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1526", + "tactic": "discovery", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1491.001", + "tactic": "impact", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.004", + "tactic": "credential-access", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003.005", + "tactic": "credential-access", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1567", + "tactic": "exfiltration", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053", + "tactic": "execution", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053", "tactic": "persistence", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053", + "tactic": "privilege-escalation", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1649", + "tactic": "credential-access", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1485", + "tactic": "impact", + "score": 20, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1216.001", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.003", + "tactic": "defense-evasion", "score": 3, "color": "", "comment": "", @@ -3350,8 +2371,85 @@ "showSubtechniques": false }, { - "techniqueID": "T1012", - "tactic": "discovery", + "techniqueID": "T1560", + "tactic": "collection", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.001", + "tactic": "persistence", + "score": 37, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.001", + "tactic": "privilege-escalation", + "score": 37, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.005", + "tactic": "lateral-movement", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1123", + "tactic": "collection", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1587.001", + "tactic": "resource-development", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1132.001", + "tactic": "command-and-control", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1102", + "tactic": "command-and-control", "score": 13, "color": "", "comment": "", @@ -3361,7 +2459,128 @@ "showSubtechniques": false }, { - "techniqueID": "T1595", + "techniqueID": "T1572", + "tactic": "command-and-control", + "score": 22, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.001", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.008", + "tactic": "privilege-escalation", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.008", + "tactic": "persistence", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021", + "tactic": "lateral-movement", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.005", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.011", + "tactic": "persistence", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.011", + "tactic": "privilege-escalation", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.011", + "tactic": "defense-evasion", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1048.003", + "tactic": "exfiltration", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.007", + "tactic": "defense-evasion", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1593.003", "tactic": "reconnaissance", "score": 2, "color": "", @@ -3372,9 +2591,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1491.001", - "tactic": "impact", - "score": 4, + "techniqueID": "T1070.004", + "tactic": "defense-evasion", + "score": 15, "color": "", "comment": "", "enabled": true, @@ -3383,74 +2602,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1563.002", - "tactic": "lateral-movement", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1074.001", - "tactic": "collection", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1588.002", - "tactic": "resource-development", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.003", + "techniqueID": "T1574", "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.003", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1570", - "tactic": "lateral-movement", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.005", - "tactic": "defense-evasion", "score": 8, "color": "", "comment": "", @@ -3460,85 +2613,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1053", - "tactic": "execution", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053", - "tactic": "persistence", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053", + "techniqueID": "T1574", "tactic": "privilege-escalation", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.005", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.005", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.005", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1526", - "tactic": "discovery", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555.003", - "tactic": "credential-access", "score": 8, "color": "", "comment": "", @@ -3548,185 +2624,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1564.006", + "techniqueID": "T1574", "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1069.002", - "tactic": "discovery", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.001", - "tactic": "defense-evasion", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.005", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.008", - "tactic": "privilege-escalation", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.008", - "tactic": "persistence", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1217", - "tactic": "discovery", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505.004", - "tactic": "persistence", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.002", - "tactic": "privilege-escalation", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.002", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1069", - "tactic": "discovery", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1222.001", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1110.002", - "tactic": "credential-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1095", - "tactic": "command-and-control", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1039", - "tactic": "collection", - "score": 2, + "score": 8, "color": "", "comment": "", "enabled": true, @@ -3746,7 +2646,227 @@ "showSubtechniques": false }, { - "techniqueID": "T1211", + "techniqueID": "T1218.002", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546", + "tactic": "privilege-escalation", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546", + "tactic": "persistence", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.003", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1135", + "tactic": "discovery", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1217", + "tactic": "discovery", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1528", + "tactic": "credential-access", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1104", + "tactic": "command-and-control", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1587", + "tactic": "resource-development", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.002", + "tactic": "execution", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.002", + "tactic": "persistence", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053.002", + "tactic": "privilege-escalation", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.001", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.001", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1048", + "tactic": "exfiltration", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1570", + "tactic": "lateral-movement", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1569.002", + "tactic": "execution", + "score": 42, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.005", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.005", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.005", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.003", "tactic": "defense-evasion", "score": 4, "color": "", @@ -3756,6 +2876,248 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1550.003", + "tactic": "lateral-movement", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.001", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.003", + "tactic": "lateral-movement", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.001", + "tactic": "lateral-movement", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1007", + "tactic": "discovery", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.001", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.001", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1563.002", + "tactic": "lateral-movement", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1185", + "tactic": "collection", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.002", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.002", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1615", + "tactic": "discovery", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1496", + "tactic": "impact", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1588.002", + "tactic": "resource-development", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.015", + "tactic": "privilege-escalation", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.015", + "tactic": "persistence", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.006", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.010", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1222.001", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1204.004", + "tactic": "execution", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1124", + "tactic": "discovery", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1614.001", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1505.005", "tactic": "persistence", @@ -3800,6 +3162,28 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1546.007", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.007", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1547.014", "tactic": "persistence", @@ -3888,6 +3272,193 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1518", + "tactic": "discovery", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.009", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1074.001", + "tactic": "collection", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1484.001", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1484.001", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1119", + "tactic": "collection", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1057", + "tactic": "discovery", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1048.001", + "tactic": "exfiltration", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1201", + "tactic": "discovery", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1622", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1622", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.004", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.004", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1620", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552", + "tactic": "credential-access", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1114", + "tactic": "collection", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1220", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1505.002", "tactic": "persistence", @@ -3900,8 +3471,19 @@ "showSubtechniques": false }, { - "techniqueID": "T1114", - "tactic": "collection", + "techniqueID": "T1552.002", + "tactic": "credential-access", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1555.004", + "tactic": "credential-access", "score": 4, "color": "", "comment": "", @@ -3910,6 +3492,94 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1027.010", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.006", + "tactic": "execution", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.008", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.008", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.008", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1069", + "tactic": "discovery", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.003", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.003", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1021.004", "tactic": "lateral-movement", @@ -3922,41 +3592,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1218.002", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546", - "tactic": "privilege-escalation", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546", - "tactic": "persistence", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1110.001", - "tactic": "credential-access", + "techniqueID": "T1095", + "tactic": "command-and-control", "score": 3, "color": "", "comment": "", @@ -3965,61 +3602,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1546.015", - "tactic": "privilege-escalation", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.015", - "tactic": "persistence", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.008", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.008", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.008", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1120", "tactic": "discovery", @@ -4031,6 +3613,127 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1036.007", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.005", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.002", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1110.002", + "tactic": "credential-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1569", + "tactic": "execution", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505.004", + "tactic": "persistence", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1211", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1212", + "tactic": "credential-access", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.011", + "tactic": "privilege-escalation", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.011", + "tactic": "persistence", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1039", + "tactic": "collection", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1027.002", "tactic": "defense-evasion", @@ -4043,8 +3746,30 @@ "showSubtechniques": false }, { - "techniqueID": "T1567.001", - "tactic": "exfiltration", + "techniqueID": "T1568.002", + "tactic": "command-and-control", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1571", + "tactic": "command-and-control", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1558", + "tactic": "credential-access", "score": 6, "color": "", "comment": "", @@ -4053,6 +3778,17 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1102.001", + "tactic": "command-and-control", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1127.001", "tactic": "defense-evasion", @@ -4065,20 +3801,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1559.001", - "tactic": "execution", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1558", - "tactic": "credential-access", - "score": 6, + "techniqueID": "T1567.001", + "tactic": "exfiltration", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -4109,52 +3834,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1055.012", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.012", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.003", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.003", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555.005", - "tactic": "credential-access", + "techniqueID": "T1590.002", + "tactic": "reconnaissance", "score": 1, "color": "", "comment": "", @@ -4164,7 +3845,51 @@ "showSubtechniques": false }, { - "techniqueID": "T1554", + "techniqueID": "T1200", + "tactic": "initial-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.002", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.002", + "tactic": "lateral-movement", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1010", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1136.002", "tactic": "persistence", "score": 3, "color": "", @@ -4175,7 +3900,18 @@ "showSubtechniques": false }, { - "techniqueID": "T1006", + "techniqueID": "T1207", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.002", "tactic": "defense-evasion", "score": 1, "color": "", @@ -4186,7 +3922,95 @@ "showSubtechniques": false }, { - "techniqueID": "T1055.011", + "techniqueID": "T1547.009", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.009", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1091", + "tactic": "lateral-movement", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1091", + "tactic": "initial-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556", + "tactic": "credential-access", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556", + "tactic": "defense-evasion", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556", + "tactic": "persistence", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1001.003", + "tactic": "command-and-control", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.005", "tactic": "defense-evasion", "score": 1, "color": "", @@ -4197,7 +4021,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1055.011", + "techniqueID": "T1134.005", "tactic": "privilege-escalation", "score": 1, "color": "", @@ -4208,8 +4032,360 @@ "showSubtechniques": false }, { - "techniqueID": "T1599.001", + "techniqueID": "T1557.003", + "tactic": "credential-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1557.003", + "tactic": "collection", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1531", + "tactic": "impact", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1584", + "tactic": "resource-development", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1499.001", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1499.004", + "tactic": "impact", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1588", + "tactic": "resource-development", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", + "tactic": "initial-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550", + "tactic": "lateral-movement", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.003", + "tactic": "defense-evasion", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1137.006", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.012", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.012", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.012", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056.001", + "tactic": "collection", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056.001", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.004", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.004", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1020", + "tactic": "exfiltration", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1589.002", + "tactic": "reconnaissance", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1114.001", + "tactic": "collection", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.013", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.013", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.005", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1222", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1565", + "tactic": "impact", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1573", + "tactic": "command-and-control", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.015", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.015", + "tactic": "privilege-escalation", "score": 1, "color": "", "comment": "", @@ -4229,39 +4405,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1001.003", - "tactic": "command-and-control", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.009", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.009", - "tactic": "privilege-escalation", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1008", "tactic": "command-and-control", @@ -4273,39 +4416,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1136.002", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.013", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.013", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1195", "tactic": "initial-access", @@ -4328,39 +4438,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1137.006", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.015", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.015", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1137.003", "tactic": "persistence", @@ -4372,160 +4449,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1553.005", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1573", - "tactic": "command-and-control", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1565", - "tactic": "impact", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.012", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.012", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.012", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1222", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1114.001", - "tactic": "collection", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1020", - "tactic": "exfiltration", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.004", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.004", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1589.002", - "tactic": "reconnaissance", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.005", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.005", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1546.009", "tactic": "privilege-escalation", @@ -4549,7 +4472,18 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.010", + "techniqueID": "T1547.008", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.008", "tactic": "privilege-escalation", "score": 1, "color": "", @@ -4560,7 +4494,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.010", + "techniqueID": "T1547.005", "tactic": "persistence", "score": 1, "color": "", @@ -4570,6 +4504,17 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1547.005", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1125", "tactic": "collection", @@ -4582,8 +4527,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.008", - "tactic": "persistence", + "techniqueID": "T1546.010", + "tactic": "privilege-escalation", "score": 1, "color": "", "comment": "", @@ -4593,8 +4538,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.008", - "tactic": "privilege-escalation", + "techniqueID": "T1546.010", + "tactic": "persistence", "score": 1, "color": "", "comment": "", @@ -4626,31 +4571,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1556", - "tactic": "credential-access", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556", - "tactic": "defense-evasion", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556", - "tactic": "persistence", - "score": 13, + "techniqueID": "T1559.002", + "tactic": "execution", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -4692,9 +4615,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1559.002", + "techniqueID": "T1059.004", "tactic": "execution", - "score": 1, + "score": 12, "color": "", "comment": "", "enabled": true, @@ -4703,62 +4626,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1590.002", - "tactic": "reconnaissance", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1200", - "tactic": "initial-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1010", - "tactic": "discovery", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1187", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553.002", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1207", + "techniqueID": "T1055.009", "tactic": "defense-evasion", "score": 2, "color": "", @@ -4769,96 +4637,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1134.005", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.005", + "techniqueID": "T1055.009", "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.002", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.002", - "tactic": "lateral-movement", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1091", - "tactic": "lateral-movement", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1091", - "tactic": "initial-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550", - "tactic": "lateral-movement", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.002", - "tactic": "defense-evasion", "score": 2, "color": "", "comment": "", @@ -4868,7 +4648,18 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.002", + "techniqueID": "T1222.002", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.006", "tactic": "persistence", "score": 2, "color": "", @@ -4879,7 +4670,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.002", + "techniqueID": "T1574.006", "tactic": "privilege-escalation", "score": 2, "color": "", @@ -4890,8 +4681,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.002", - "tactic": "initial-access", + "techniqueID": "T1574.006", + "tactic": "defense-evasion", "score": 2, "color": "", "comment": "", @@ -4901,8 +4692,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1588", - "tactic": "resource-development", + "techniqueID": "T1543.002", + "tactic": "persistence", "score": 2, "color": "", "comment": "", @@ -4912,8 +4703,19 @@ "showSubtechniques": false }, { - "techniqueID": "T1499.001", - "tactic": "impact", + "techniqueID": "T1543.002", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.006", + "tactic": "persistence", "score": 1, "color": "", "comment": "", @@ -4922,6 +4724,226 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1547.006", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1499", + "tactic": "impact", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.004", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.004", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1565.001", + "tactic": "impact", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.012", + "tactic": "execution", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.001", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.001", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1592.004", + "tactic": "reconnaissance", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1014", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.003", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.003", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.003", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1136", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1588.001", + "tactic": "resource-development", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1589", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1102.003", + "tactic": "command-and-control", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1568", + "tactic": "command-and-control", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1102.002", + "tactic": "command-and-control", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1221", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1505.001", "tactic": "persistence", @@ -4934,8 +4956,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1213", - "tactic": "collection", + "techniqueID": "T1098.003", + "tactic": "persistence", "score": 7, "color": "", "comment": "", @@ -4945,8 +4967,19 @@ "showSubtechniques": false }, { - "techniqueID": "T1498", - "tactic": "impact", + "techniqueID": "T1098.003", + "tactic": "privilege-escalation", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098.001", + "tactic": "persistence", "score": 3, "color": "", "comment": "", @@ -4956,8 +4989,19 @@ "showSubtechniques": false }, { - "techniqueID": "T1611", + "techniqueID": "T1098.001", "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556.006", + "tactic": "credential-access", "score": 2, "color": "", "comment": "", @@ -4967,8 +5011,96 @@ "showSubtechniques": false }, { - "techniqueID": "T1552.007", - "tactic": "credential-access", + "techniqueID": "T1556.006", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1556.006", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1586.003", + "tactic": "resource-development", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.004", + "tactic": "defense-evasion", + "score": 38, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.004", + "tactic": "persistence", + "score": 38, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.004", + "tactic": "privilege-escalation", + "score": 38, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.004", + "tactic": "initial-access", + "score": 38, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1213.003", + "tactic": "collection", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1136.003", + "tactic": "persistence", "score": 4, "color": "", "comment": "", @@ -4978,9 +5110,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1609", - "tactic": "execution", - "score": 2, + "techniqueID": "T1537", + "tactic": "exfiltration", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -4989,8 +5121,52 @@ "showSubtechniques": false }, { - "techniqueID": "T1069.003", - "tactic": "discovery", + "techniqueID": "T1606", + "tactic": "credential-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1484", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1484", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098.005", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1098.005", + "tactic": "privilege-escalation", "score": 1, "color": "", "comment": "", @@ -5010,6 +5186,226 @@ "links": [], "showSubtechniques": false }, + { + "techniqueID": "T1621", + "tactic": "credential-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1578", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.007", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.007", + "tactic": "credential-access", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1578.003", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1213", + "tactic": "collection", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1591.004", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1586", + "tactic": "resource-development", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1074", + "tactic": "collection", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1199", + "tactic": "initial-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1580", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1525", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.009", + "tactic": "execution", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.001", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.001", + "tactic": "lateral-movement", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.007", + "tactic": "lateral-movement", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1498", + "tactic": "impact", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1069.003", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1611", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1609", + "tactic": "execution", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, { "techniqueID": "T1595.002", "tactic": "reconnaissance", @@ -5022,7 +5418,18 @@ "showSubtechniques": false }, { - "techniqueID": "T1495", + "techniqueID": "T1505", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1565.002", "tactic": "impact", "score": 1, "color": "", @@ -5055,29 +5462,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1074", - "tactic": "collection", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1565.002", + "techniqueID": "T1495", "tactic": "impact", "score": 1, "color": "", @@ -5088,360 +5473,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1098.003", - "tactic": "persistence", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098.003", - "tactic": "privilege-escalation", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1586.003", - "tactic": "resource-development", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098.001", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098.001", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.004", - "tactic": "defense-evasion", - "score": 38, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.004", - "tactic": "persistence", - "score": 38, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.004", - "tactic": "privilege-escalation", - "score": 38, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.004", - "tactic": "initial-access", - "score": 38, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556.006", - "tactic": "credential-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556.006", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556.006", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1213.003", - "tactic": "collection", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1537", - "tactic": "exfiltration", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1136.003", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1621", - "tactic": "credential-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1578.003", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1578", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.007", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098.005", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098.005", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1484", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1484", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1606", - "tactic": "credential-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1591.004", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1586", - "tactic": "resource-development", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1525", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.007", - "tactic": "lateral-movement", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.001", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.001", - "tactic": "lateral-movement", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1580", - "tactic": "discovery", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.009", + "techniqueID": "T1129", "tactic": "execution", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1199", - "tactic": "initial-access", "score": 1, "color": "", "comment": "", @@ -5461,17 +5494,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1129", - "tactic": "execution", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1559", "tactic": "execution", @@ -5494,17 +5516,6 @@ "links": [], "showSubtechniques": false }, - { - "techniqueID": "T1036.008", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, { "techniqueID": "T1070.008", "tactic": "defense-evasion", @@ -5515,6 +5526,17 @@ "metadata": [], "links": [], "showSubtechniques": false + }, + { + "techniqueID": "T1036.008", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false } ] } \ No newline at end of file