From f3e5d51f7bee2d571bc1093990812e3c4bce9f04 Mon Sep 17 00:00:00 2001 From: Carrie Roberts Date: Mon, 24 Feb 2025 10:44:38 -0700 Subject: [PATCH] Merge PR #5210 from @clr2of8 - Update Attack Nav layer Version,Title and Color chore: Update the ATT&CK Nav layer version to avoid warnings and upgrade prompts when loaded into the navigator. Give the layer a representative title and adjust the color scheme used to be more meaningful, --- other/sigma_attack_nav_coverage.json | 9553 +++++++++++--------------- 1 file changed, 4056 insertions(+), 5497 deletions(-) diff --git a/other/sigma_attack_nav_coverage.json b/other/sigma_attack_nav_coverage.json index b869fb992..9d127b374 100644 --- a/other/sigma_attack_nav_coverage.json +++ b/other/sigma_attack_nav_coverage.json @@ -1,5498 +1,4057 @@ { - "name": "layer", - "versions": { - "attack": "15.1", - "navigator": "4.8.1", - "layer": "4.4" - }, - "domain": "enterprise-attack", - "description": "Sigma coverage heatmap generated by Sigma CLI with score function count", - "gradient": { - "colors": [ - "#ffffff00", - "#ff0000" - ], - "minValue": 0, - "maxValue": 1317 - }, - "techniques": [ - { - "techniqueID": "T1190", - "tactic": "initial-access", - "score": 127, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078", - "tactic": "defense-evasion", - "score": 60, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078", - "tactic": "persistence", - "score": 60, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078", - "tactic": "privilege-escalation", - "score": 60, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078", - "tactic": "initial-access", - "score": 60, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552", - "tactic": "credential-access", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552.007", - "tactic": "credential-access", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1498", - "tactic": "impact", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070", - "tactic": "defense-evasion", - "score": 19, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1609", - "tactic": "execution", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1611", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.005", - "tactic": "defense-evasion", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1069.003", - "tactic": "discovery", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1087.004", - "tactic": "discovery", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1136", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021", - "tactic": "lateral-movement", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1213", - "tactic": "collection", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1090", - "tactic": "command-and-control", - "score": 22, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003", - "tactic": "credential-access", - "score": 32, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1123", - "tactic": "collection", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1005", - "tactic": "collection", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1016", - "tactic": "discovery", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1133", - "tactic": "persistence", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1133", - "tactic": "initial-access", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1041", - "tactic": "exfiltration", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053", - "tactic": "execution", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053", - "tactic": "persistence", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053", - "tactic": "privilege-escalation", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.002", - "tactic": "execution", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.002", - "tactic": "persistence", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.002", - "tactic": "privilege-escalation", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1033", - "tactic": "discovery", - "score": 31, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.003", - "tactic": "lateral-movement", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1047", - "tactic": "execution", - "score": 44, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1112", - "tactic": "defense-evasion", - "score": 85, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1569.002", - "tactic": "execution", - "score": 42, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1087", - "tactic": "discovery", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1203", - "tactic": "execution", - "score": 26, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1219", - "tactic": "command-and-control", - "score": 40, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1204", - "tactic": "execution", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1558", - "tactic": "credential-access", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.001", - "tactic": "credential-access", - "score": 73, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.002", - "tactic": "credential-access", - "score": 25, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1486", - "tactic": "impact", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1588", - "tactic": "resource-development", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505.003", - "tactic": "persistence", - "score": 28, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505.001", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.001", - "tactic": "defense-evasion", - "score": 106, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.002", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.002", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.002", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.002", - "tactic": "initial-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1566", - "tactic": "initial-access", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1566.002", - "tactic": "initial-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.007", - "tactic": "lateral-movement", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.001", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.001", - "tactic": "lateral-movement", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.004", - "tactic": "defense-evasion", - "score": 38, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.004", - "tactic": "persistence", - "score": 38, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.004", - "tactic": "privilege-escalation", - "score": 38, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.004", - "tactic": "initial-access", - "score": 38, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1531", - "tactic": "impact", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1490", - "tactic": "impact", - "score": 26, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1565", - "tactic": "impact", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.001", - "tactic": "execution", - "score": 214, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.003", - "tactic": "execution", - "score": 33, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.004", - "tactic": "execution", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1537", - "tactic": "exfiltration", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1525", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1485", - "tactic": "impact", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1136.003", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1580", - "tactic": "discovery", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098", - "tactic": "persistence", - "score": 27, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098", - "tactic": "privilege-escalation", - "score": 27, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.009", - "tactic": "execution", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1020", - "tactic": "exfiltration", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562", - "tactic": "defense-evasion", - "score": 23, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556", - "tactic": "credential-access", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556", - "tactic": "defense-evasion", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556", - "tactic": "persistence", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548", - "tactic": "privilege-escalation", - "score": 20, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548", - "tactic": "defense-evasion", - "score": 20, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550", - "tactic": "lateral-movement", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1578", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1578.003", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098.003", - "tactic": "persistence", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098.003", - "tactic": "privilege-escalation", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1489", - "tactic": "impact", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1565.001", - "tactic": "impact", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.004", - "tactic": "defense-evasion", - "score": 28, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552.001", - "tactic": "credential-access", - "score": 21, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.003", - "tactic": "execution", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.003", - "tactic": "persistence", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.003", - "tactic": "privilege-escalation", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.007", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059", - "tactic": "execution", - "score": 90, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1484", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1484", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098.001", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098.001", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1528", - "tactic": "credential-access", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098.005", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1098.005", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1140", - "tactic": "defense-evasion", - "score": 19, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1589", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1110", - "tactic": "credential-access", - "score": 24, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1606", - "tactic": "credential-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1526", - "tactic": "discovery", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556.006", - "tactic": "credential-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556.006", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556.006", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1621", - "tactic": "credential-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1213.003", - "tactic": "collection", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.004", - "tactic": "lateral-movement", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1586", - "tactic": "resource-development", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1082", - "tactic": "discovery", - "score": 30, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1591.004", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1074", - "tactic": "collection", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1195.001", - "tactic": "initial-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1573", - "tactic": "command-and-control", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1114", - "tactic": "collection", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1199", - "tactic": "initial-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1586.003", - "tactic": "resource-development", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.006", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.001", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1106", - "tactic": "execution", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.006", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1222.002", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1115", - "tactic": "collection", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1068", - "tactic": "privilege-escalation", - "score": 24, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1136.001", - "tactic": "persistence", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1560.001", - "tactic": "collection", - "score": 16, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1048.003", - "tactic": "exfiltration", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.001", - "tactic": "persistence", - "score": 53, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.001", - "tactic": "privilege-escalation", - "score": 53, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.001", - "tactic": "defense-evasion", - "score": 53, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564.001", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.003", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.001", - "tactic": "collection", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.001", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.006", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.006", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.006", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.006", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.006", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.003", - "tactic": "defense-evasion", - "score": 24, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1046", - "tactic": "discovery", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1040", - "tactic": "credential-access", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1040", - "tactic": "discovery", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1201", - "tactic": "discovery", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.002", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.002", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1113", - "tactic": "collection", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1030", - "tactic": "exfiltration", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1587", - "tactic": "resource-development", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1584", - "tactic": "resource-development", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552.003", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1529", - "tactic": "impact", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.004", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.004", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1105", - "tactic": "command-and-control", - "score": 64, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.003", - "tactic": "defense-evasion", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1204.001", - "tactic": "execution", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.001", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.001", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1588.001", - "tactic": "resource-development", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1212", - "tactic": "credential-access", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.003", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.003", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1496", - "tactic": "impact", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1572", - "tactic": "command-and-control", - "score": 17, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1102", - "tactic": "command-and-control", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1567", - "tactic": "exfiltration", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1568.002", - "tactic": "command-and-control", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1571", - "tactic": "command-and-control", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1083", - "tactic": "discovery", - "score": 20, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027", - "tactic": "defense-evasion", - "score": 92, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1592.004", - "tactic": "reconnaissance", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.002", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1007", - "tactic": "discovery", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.009", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.009", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.003", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.004", - "tactic": "defense-evasion", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553.004", - "tactic": "defense-evasion", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1087.001", - "tactic": "discovery", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1069.001", - "tactic": "discovery", - "score": 16, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564", - "tactic": "defense-evasion", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1018", - "tactic": "discovery", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1518.001", - "tactic": "discovery", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1071.001", - "tactic": "command-and-control", - "score": 39, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036", - "tactic": "defense-evasion", - "score": 41, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1593.003", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1049", - "tactic": "discovery", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1014", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.014", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.014", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1037.005", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1037.005", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.002", - "tactic": "execution", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218", - "tactic": "defense-evasion", - "score": 140, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564.004", - "tactic": "defense-evasion", - "score": 23, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564.002", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555.001", - "tactic": "credential-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.003", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.003", - "tactic": "persistence", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.003", - "tactic": "privilege-escalation", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.003", - "tactic": "initial-access", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.001", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.001", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.001", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.001", - "tactic": "initial-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.002", - "tactic": "collection", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056.002", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1566.001", - "tactic": "initial-access", - "score": 21, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.007", - "tactic": "execution", - "score": 18, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1071", - "tactic": "command-and-control", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1569.001", - "tactic": "execution", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.001", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.001", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.004", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.004", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1137.002", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1204.002", - "tactic": "execution", - "score": 31, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.006", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1189", - "tactic": "initial-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1497.001", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1497.001", - "tactic": "discovery", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553.001", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552.004", - "tactic": "credential-access", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1057", - "tactic": "discovery", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1124", - "tactic": "discovery", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1495", - "tactic": "impact", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1561.001", - "tactic": "impact", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1561.002", - "tactic": "impact", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1565.002", - "tactic": "impact", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1557", - "tactic": "credential-access", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1557", - "tactic": "collection", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1595.002", - "tactic": "reconnaissance", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1071.004", - "tactic": "command-and-control", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1102.002", - "tactic": "command-and-control", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.004", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.004", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1557.001", - "tactic": "credential-access", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1557.001", - "tactic": "collection", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1187", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.002", - "tactic": "lateral-movement", - "score": 36, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1095", - "tactic": "command-and-control", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1048", - "tactic": "exfiltration", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.006", - "tactic": "lateral-movement", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1210", - "tactic": "lateral-movement", - "score": 15, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.001", - "tactic": "lateral-movement", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.004", - "tactic": "credential-access", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.003", - "tactic": "credential-access", - "score": 25, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1558.003", - "tactic": "credential-access", - "score": 16, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1499.004", - "tactic": "impact", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1568", - "tactic": "command-and-control", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1590", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1102.001", - "tactic": "command-and-control", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1102.003", - "tactic": "command-and-control", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056", - "tactic": "collection", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1056", - "tactic": "credential-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1197", - "tactic": "defense-evasion", - "score": 16, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1197", - "tactic": "persistence", - "score": 16, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1567.002", - "tactic": "exfiltration", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1221", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.006", - "tactic": "credential-access", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1211", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1072", - "tactic": "execution", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1072", - "tactic": "lateral-movement", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.007", - "tactic": "defense-evasion", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.005", - "tactic": "execution", - "score": 21, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1059.006", - "tactic": "execution", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1649", - "tactic": "credential-access", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543", - "tactic": "persistence", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543", - "tactic": "privilege-escalation", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1090.003", - "tactic": "command-and-control", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1590.002", - "tactic": "reconnaissance", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.002", - "tactic": "persistence", - "score": 79, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.002", - "tactic": "privilege-escalation", - "score": 79, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.002", - "tactic": "defense-evasion", - "score": 79, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1200", - "tactic": "initial-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.002", - "tactic": "defense-evasion", - "score": 23, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505.004", - "tactic": "persistence", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1069.002", - "tactic": "discovery", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1087.002", - "tactic": "discovery", - "score": 17, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1482", - "tactic": "discovery", - "score": 14, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1587.001", - "tactic": "resource-development", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505.002", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.002", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.002", - "tactic": "lateral-movement", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1012", - "tactic": "discovery", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1207", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1222.001", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.001", - "tactic": "defense-evasion", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.003", - "tactic": "persistence", - "score": 45, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.003", - "tactic": "privilege-escalation", - "score": 45, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1091", - "tactic": "lateral-movement", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1091", - "tactic": "initial-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.005", - "tactic": "execution", - "score": 47, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.005", - "tactic": "persistence", - "score": 47, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1053.005", - "tactic": "privilege-escalation", - "score": 47, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.001", - "tactic": "defense-evasion", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.001", - "tactic": "privilege-escalation", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1554", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1003.005", - "tactic": "credential-access", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1570", - "tactic": "lateral-movement", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.002", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.002", - "tactic": "privilege-escalation", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.009", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.009", - "tactic": "privilege-escalation", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1090.001", - "tactic": "command-and-control", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1090.002", - "tactic": "command-and-control", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.011", - "tactic": "persistence", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.011", - "tactic": "privilege-escalation", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.011", - "tactic": "defense-evasion", - "score": 11, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552.002", - "tactic": "credential-access", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1010", - "tactic": "discovery", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.005", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553.002", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.005", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.005", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1484.001", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1484.001", - "tactic": "privilege-escalation", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547", - "tactic": "persistence", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547", - "tactic": "privilege-escalation", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1001.003", - "tactic": "command-and-control", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1136.002", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1039", - "tactic": "collection", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.003", - "tactic": "privilege-escalation", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.003", - "tactic": "persistence", - "score": 12, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1110.001", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1499.001", - "tactic": "impact", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.012", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.012", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.005", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.001", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.001", - "tactic": "privilege-escalation", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555.005", - "tactic": "credential-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.011", - "tactic": "defense-evasion", - "score": 43, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055", - "tactic": "defense-evasion", - "score": 31, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055", - "tactic": "privilege-escalation", - "score": 31, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.003", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.003", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1127", - "tactic": "defense-evasion", - "score": 19, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1559.001", - "tactic": "execution", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.010", - "tactic": "defense-evasion", - "score": 19, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1599.001", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555.004", - "tactic": "credential-access", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1552.006", - "tactic": "credential-access", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574", - "tactic": "persistence", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574", - "tactic": "privilege-escalation", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.002", - "tactic": "privilege-escalation", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.002", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.004", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1195", - "tactic": "initial-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.001", - "tactic": "persistence", - "score": 36, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.001", - "tactic": "privilege-escalation", - "score": 36, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1137.006", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1137", - "tactic": "persistence", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1008", - "tactic": "command-and-control", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546", - "tactic": "privilege-escalation", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546", - "tactic": "persistence", - "score": 10, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1137.003", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.007", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555", - "tactic": "credential-access", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.013", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.013", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.002", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.015", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.015", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.002", - "tactic": "privilege-escalation", - "score": 53, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1548.002", - "tactic": "defense-evasion", - "score": 53, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1216", - "tactic": "defense-evasion", - "score": 13, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.001", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.001", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.003", - "tactic": "defense-evasion", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1202", - "tactic": "defense-evasion", - "score": 36, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.002", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1220", - "tactic": "defense-evasion", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1567.001", - "tactic": "exfiltration", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.009", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1127.001", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.003", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1550.003", - "tactic": "lateral-movement", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1074.001", - "tactic": "collection", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1069", - "tactic": "discovery", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1555.003", - "tactic": "credential-access", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1119", - "tactic": "collection", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556.002", - "tactic": "credential-access", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556.002", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1556.002", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.012", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.012", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.012", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1620", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1132.001", - "tactic": "command-and-control", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1217", - "tactic": "discovery", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1518", - "tactic": "discovery", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553.005", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1222", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.015", - "tactic": "privilege-escalation", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.015", - "tactic": "persistence", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1615", - "tactic": "discovery", - "score": 5, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564.006", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1114.001", - "tactic": "collection", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.005", - "tactic": "defense-evasion", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1491.001", - "tactic": "impact", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1120", - "tactic": "discovery", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1564.003", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.009", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.011", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1055.011", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.003", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1542.003", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1185", - "tactic": "collection", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1176", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1614.001", - "tactic": "discovery", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.001", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.001", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.008", - "tactic": "privilege-escalation", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.008", - "tactic": "persistence", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.002", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1048.001", - "tactic": "exfiltration", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1135", - "tactic": "discovery", - "score": 7, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.001", - "tactic": "defense-evasion", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1588.002", - "tactic": "resource-development", - "score": 9, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1110.002", - "tactic": "credential-access", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.003", - "tactic": "defense-evasion", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.003", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.004", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1134.004", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.005", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.005", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.005", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1216.001", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.013", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.008", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.008", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.008", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1563.002", - "tactic": "lateral-movement", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.007", - "tactic": "privilege-escalation", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.007", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1218.008", - "tactic": "defense-evasion", - "score": 8, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1104", - "tactic": "command-and-control", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1590.001", - "tactic": "reconnaissance", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1595", - "tactic": "reconnaissance", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1622", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1622", - "tactic": "discovery", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1037.001", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1037.001", - "tactic": "privilege-escalation", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1562.010", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.011", - "tactic": "privilege-escalation", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.011", - "tactic": "persistence", - "score": 6, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1505.005", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.007", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.007", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1574.007", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.014", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.014", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.010", - "tactic": "persistence", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.010", - "tactic": "privilege-escalation", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.002", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.002", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1539", - "tactic": "credential-access", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1608", - "tactic": "resource-development", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1569", - "tactic": "execution", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1560", - "tactic": "collection", - "score": 4, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1021.005", - "tactic": "lateral-movement", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1006", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.009", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.009", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.010", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.010", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.005", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.005", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.008", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.008", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1125", - "tactic": "collection", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1559.002", - "tactic": "execution", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.012", - "tactic": "privilege-escalation", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1546.012", - "tactic": "persistence", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1553.003", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.003", - "tactic": "persistence", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1547.003", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.004", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1559", - "tactic": "execution", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1499", - "tactic": "impact", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1070.008", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1036.008", - "tactic": "defense-evasion", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1090.004", - "tactic": "command-and-control", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1027.010", - "tactic": "defense-evasion", - "score": 2, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - } - ] -} \ No newline at end of file + "name": "Sigma 2025-02", + "versions": { + "attack": "16", + "navigator": "5.1.0", + "layer": "4.5" + }, + "domain": "enterprise-attack", + "description": "Sigma coverage heatmap generated by Sigma CLI with score function count", + "filters": { + "platforms": [ + "Windows", + "Linux", + "macOS", + "Network", + "PRE", + "Containers", + "IaaS", + "SaaS", + "Office Suite", + "Identity Provider" + ] + }, + "sorting": 0, + "layout": { + "layout": "side", + "aggregateFunction": "average", + "showID": false, + "showName": true, + "showAggregateScores": false, + "countUnscored": false, + "expandedSubtechniques": "none" + }, + "hideDisabled": false, + "techniques": [ + { + "techniqueID": "T1047", + "tactic": "execution", + "score": 44, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1113", + "tactic": "collection", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1037.001", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1037.001", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1037.005", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1037.005", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1557", + "tactic": "credential-access", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1557", + "tactic": "collection", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1557.001", + "tactic": "credential-access", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1557.001", + "tactic": "collection", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1033", + "tactic": "discovery", + "score": 31, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1592.004", + "tactic": "reconnaissance", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003", + "tactic": "credential-access", + "score": 32, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003.002", + "tactic": "credential-access", + "score": 25, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003.003", + "tactic": "credential-access", + "score": 25, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1003.005", + "tactic": "credential-access", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1006", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1014", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1123", + "tactic": "collection", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543", + "tactic": "persistence", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543", + "tactic": "privilege-escalation", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.004", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.004", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.001", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.001", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.002", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.002", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.003", + "tactic": "persistence", + "score": 45, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1543.003", + "tactic": "privilege-escalation", + "score": 45, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1133", + "tactic": "persistence", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1133", + "tactic": "initial-access", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1578", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1069.002", + "tactic": "discovery", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1069.001", + "tactic": "discovery", + "score": 16, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1114.001", + "tactic": "collection", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1561.002", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1561.001", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1615", + "tactic": "discovery", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547", + "tactic": "persistence", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547", + "tactic": "privilege-escalation", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.009", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.009", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.006", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.006", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.004", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.004", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.005", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.005", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.001", + "tactic": "persistence", + "score": 36, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.001", + "tactic": "privilege-escalation", + "score": 36, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.008", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.008", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.014", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.014", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.015", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.015", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.003", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.003", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.002", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.002", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.010", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1547.010", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1489", + "tactic": "impact", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.003", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.002", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.006", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.001", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1564.004", + "tactic": "defense-evasion", + "score": 23, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1115", + "tactic": "collection", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1007", + "tactic": "discovery", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1040", + "tactic": "credential-access", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1040", + "tactic": "discovery", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1135", + "tactic": "discovery", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1120", + "tactic": "discovery", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1082", + "tactic": "discovery", + "score": 30, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1071.004", + "tactic": "command-and-control", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1071.001", + "tactic": "command-and-control", + "score": 39, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053", + "tactic": "execution", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053", + "tactic": "persistence", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1053", + "tactic": "privilege-escalation", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1176", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1106", + "tactic": "execution", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1091", + "tactic": "lateral-movement", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1091", + "tactic": "initial-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1005", + "tactic": "collection", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1140", + "tactic": "defense-evasion", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.003", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.004", + "tactic": "defense-evasion", + "score": 28, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.002", + "tactic": "defense-evasion", + "score": 23, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.001", + "tactic": "defense-evasion", + "score": 106, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.006", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1562.010", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1195", + "tactic": "initial-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1195.001", + "tactic": "initial-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1558.003", + "tactic": "credential-access", + "score": 16, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1555", + "tactic": "credential-access", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1555.004", + "tactic": "credential-access", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1555.001", + "tactic": "credential-access", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1567.001", + "tactic": "exfiltration", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1567.002", + "tactic": "exfiltration", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1219", + "tactic": "command-and-control", + "score": 40, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036", + "tactic": "defense-evasion", + "score": 41, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.008", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.003", + "tactic": "defense-evasion", + "score": 24, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.006", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.004", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.002", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.005", + "tactic": "defense-evasion", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1036.007", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.007", + "tactic": "credential-access", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.001", + "tactic": "credential-access", + "score": 21, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1552.002", + "tactic": "credential-access", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055", + "tactic": "defense-evasion", + "score": 31, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055", + "tactic": "privilege-escalation", + "score": 31, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.012", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.012", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.009", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.009", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.011", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.011", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.001", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.001", + "tactic": "privilege-escalation", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.003", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1055.003", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218", + "tactic": "defense-evasion", + "score": 140, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.005", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.008", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.013", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.002", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.001", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.010", + "tactic": "defense-evasion", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.009", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.003", + "tactic": "defense-evasion", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1218.007", + "tactic": "defense-evasion", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1620", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1611", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1010", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1525", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1572", + "tactic": "command-and-control", + "score": 17, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.003", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.003", + "tactic": "lateral-movement", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.002", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1550.002", + "tactic": "lateral-movement", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1589", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1560", + "tactic": "collection", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1560.001", + "tactic": "collection", + "score": 16, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1185", + "tactic": "collection", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021", + "tactic": "lateral-movement", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.006", + "tactic": "lateral-movement", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.005", + "tactic": "lateral-movement", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.002", + "tactic": "lateral-movement", + "score": 36, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.001", + "tactic": "lateral-movement", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.003", + "tactic": "lateral-movement", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1021.004", + "tactic": "lateral-movement", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1207", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1112", + "tactic": "defense-evasion", + "score": 85, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1580", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1491.001", + "tactic": "impact", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1563.002", + "tactic": "lateral-movement", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1217", + "tactic": "discovery", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1222", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1222.002", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1222.001", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1595", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1595.002", + "tactic": "reconnaissance", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.001", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.001", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.002", + "tactic": "privilege-escalation", + "score": 53, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.002", + "tactic": "defense-evasion", + "score": 53, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.003", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1548.003", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1125", + "tactic": "collection", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1016", + "tactic": "discovery", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1087.002", + "tactic": "discovery", + "score": 17, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1087.001", + "tactic": "discovery", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1090", + "tactic": "command-and-control", + "score": 22, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1090.001", + "tactic": "command-and-control", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1090.004", + "tactic": "command-and-control", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1090.002", + "tactic": "command-and-control", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.005", + "tactic": "execution", + "score": 21, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.002", + "tactic": "execution", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.003", + "tactic": "execution", + "score": 33, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.004", + "tactic": "execution", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.006", + "tactic": "execution", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1059.001", + "tactic": "execution", + "score": 214, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1482", + "tactic": "discovery", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1020", + "tactic": "exfiltration", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.004", + "tactic": "defense-evasion", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.002", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.001", + "tactic": "defense-evasion", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.003", + "tactic": "defense-evasion", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1070.005", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1609", + "tactic": "execution", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1083", + "tactic": "discovery", + "score": 20, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1568", + "tactic": "command-and-control", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1074", + "tactic": "collection", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1074.001", + "tactic": "collection", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1049", + "tactic": "discovery", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1584", + "tactic": "resource-development", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.003", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.003", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.001", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.001", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1586", + "tactic": "resource-development", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1497.001", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1497.001", + "tactic": "discovery", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1102.003", + "tactic": "command-and-control", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1102.001", + "tactic": "command-and-control", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1102.002", + "tactic": "command-and-control", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1608", + "tactic": "resource-development", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1104", + "tactic": "command-and-control", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1057", + "tactic": "discovery", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1041", + "tactic": "exfiltration", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1591.004", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1590", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1590.001", + "tactic": "reconnaissance", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1210", + "tactic": "lateral-movement", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1593.003", + "tactic": "reconnaissance", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1048.003", + "tactic": "exfiltration", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1048.001", + "tactic": "exfiltration", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1566.001", + "tactic": "initial-access", + "score": 21, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1565", + "tactic": "impact", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1565.002", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1565.001", + "tactic": "impact", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1559.002", + "tactic": "execution", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1559.001", + "tactic": "execution", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1039", + "tactic": "collection", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574", + "tactic": "persistence", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574", + "tactic": "privilege-escalation", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574", + "tactic": "defense-evasion", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.007", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.007", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.007", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.005", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.005", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.005", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.002", + "tactic": "persistence", + "score": 79, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.002", + "tactic": "privilege-escalation", + "score": 79, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.002", + "tactic": "defense-evasion", + "score": 79, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.006", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.006", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.006", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.008", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.008", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.008", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.011", + "tactic": "persistence", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.011", + "tactic": "privilege-escalation", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.011", + "tactic": "defense-evasion", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.012", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.012", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1574.012", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.002", + "tactic": "initial-access", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.003", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.003", + "tactic": "persistence", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.003", + "tactic": "privilege-escalation", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1078.003", + "tactic": "initial-access", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1571", + "tactic": "command-and-control", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1068", + "tactic": "privilege-escalation", + "score": 24, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027", + "tactic": "defense-evasion", + "score": 92, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.005", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.009", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.010", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.003", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.002", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1027.001", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.002", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.002", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.013", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.013", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.003", + "tactic": "privilege-escalation", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.003", + "tactic": "persistence", + "score": 12, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.011", + "tactic": "privilege-escalation", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.011", + "tactic": "persistence", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.015", + "tactic": "privilege-escalation", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.015", + "tactic": "persistence", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.004", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.004", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.010", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.010", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.007", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.007", + "tactic": "persistence", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.012", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.012", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.001", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.001", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.009", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.009", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.014", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.014", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.008", + "tactic": "privilege-escalation", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.008", + "tactic": "persistence", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1187", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1599.001", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1486", + "tactic": "impact", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.005", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.002", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.004", + "tactic": "defense-evasion", + "score": 10, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.003", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1553.001", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1573", + "tactic": "command-and-control", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056.001", + "tactic": "collection", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056.001", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056.002", + "tactic": "collection", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1056.002", + "tactic": "credential-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1203", + "tactic": "execution", + "score": 26, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1570", + "tactic": "lateral-movement", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1095", + "tactic": "command-and-control", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1012", + "tactic": "discovery", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1030", + "tactic": "exfiltration", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1499.001", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1614.001", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1197", + "tactic": "defense-evasion", + "score": 16, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1197", + "tactic": "persistence", + "score": 16, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1132.001", + "tactic": "command-and-control", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1588", + "tactic": "resource-development", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1588.002", + "tactic": "resource-development", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1588.001", + "tactic": "resource-development", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1569.002", + "tactic": "execution", + "score": 42, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1200", + "tactic": "initial-access", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505.002", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505.004", + "tactic": "persistence", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505.003", + "tactic": "persistence", + "score": 28, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1505.005", + "tactic": "persistence", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1221", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134", + "tactic": "privilege-escalation", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.001", + "tactic": "defense-evasion", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.001", + "tactic": "privilege-escalation", + "score": 9, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.004", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.004", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.005", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.005", + "tactic": "privilege-escalation", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.002", + "tactic": "defense-evasion", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.002", + "tactic": "privilege-escalation", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.003", + "tactic": "defense-evasion", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1134.003", + "tactic": "privilege-escalation", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1136.001", + "tactic": "persistence", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1136.002", + "tactic": "persistence", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1018", + "tactic": "discovery", + "score": 15, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1046", + "tactic": "discovery", + "score": 14, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1518", + "tactic": "discovery", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1518.001", + "tactic": "discovery", + "score": 8, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1622", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1622", + "tactic": "discovery", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1105", + "tactic": "command-and-control", + "score": 64, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1484.001", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1484.001", + "tactic": "privilege-escalation", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1220", + "tactic": "defense-evasion", + "score": 5, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1587", + "tactic": "resource-development", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1587.001", + "tactic": "resource-development", + "score": 11, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1008", + "tactic": "command-and-control", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1124", + "tactic": "discovery", + "score": 3, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1495", + "tactic": "impact", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1216", + "tactic": "defense-evasion", + "score": 13, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1216.001", + "tactic": "defense-evasion", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1211", + "tactic": "defense-evasion", + "score": 4, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1127", + "tactic": "defense-evasion", + "score": 19, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1127.001", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1529", + "tactic": "impact", + "score": 6, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + } + ], + "gradient": { + "colors": [ + "#66b1ffff", + "#ff66f4ff" + ], + "minValue": 0, + "maxValue": 10 + }, + "legendItems": [], + "metadata": [], + "links": [], + "showTacticRowBackground": false, + "tacticRowBackground": "#dddddd", + "selectTechniquesAcrossTactics": false, + "selectSubtechniquesWithParent": false, + "selectVisibleTechniques": false +}