Refresh MITRE Attack v15.1.0 (#3725)

(cherry picked from commit e357a2c050)
shashank-elastic
2024-06-04 20:14:58 +05:30
committed by github-actions[bot]
parent d7db6be0aa
commit 06660cb2e1
17 changed files with 29 additions and 29 deletions
@@ -132,5 +132,5 @@
"T1536": "T1578.004",
"T1547.011": "T1647"
},
"saved_date": "Wed Nov 22 10:41:11 2023"
"saved_date": "Fri May 31 17:00:55 2024"
}
Binary file not shown.
Binary file not shown.
@@ -2,7 +2,7 @@
creation_date = "2021/05/17"
integration = ["o365"]
maturity = "production"
updated_date = "2024/05/21"
updated_date = "2024/05/31"
[rule]
author = ["Austin Songer"]
@@ -48,11 +48,11 @@ event.outcome:success
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1484"
name = "Domain Policy Modification"
name = "Domain or Tenant Policy Modification"
reference = "https://attack.mitre.org/techniques/T1484/"
[[rule.threat.technique.subtechnique]]
id = "T1484.002"
name = "Domain Trust Modification"
name = "Trust Modification"
reference = "https://attack.mitre.org/techniques/T1484/002/"
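Review bot: The `name` strings change in this hunk while the `id` values stay fixed, so any saved search, dashboard or report that filters alerts on the old name text (`Domain Policy Modification` and `Domain Trust Modification` here, `Compromise Client Software Binary` in the T1554 hunks further down) will presumably stop matching alerts from the updated rules. The commit message does not record which techniques were renamed; a line in the description such as `ATT&CK v15.1 renames: T1484, T1484.002, T1554; filter on technique id, not name` would give downstream consumers something to search for. The enclosing `[[rule.threat]]` table begins above the hunk, so the tactic this mapping belongs to is not visible here.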
@@ -2,7 +2,7 @@
creation_date = "2020/12/21"
integration = ["endpoint"]
maturity = "production"
updated_date = "2024/05/21"
updated_date = "2024/05/31"
[rule]
author = ["Elastic"]
@@ -126,7 +126,7 @@ reference = "https://attack.mitre.org/tactics/TA0006/"
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1554"
name = "Compromise Client Software Binary"
name = "Compromise Host Software Binary"
reference = "https://attack.mitre.org/techniques/T1554/"
@@ -2,7 +2,7 @@
creation_date = "2020/12/23"
integration = ["endpoint"]
maturity = "production"
updated_date = "2024/05/21"
updated_date = "2024/05/31"
[rule]
author = ["Elastic"]
@@ -76,7 +76,7 @@ file where host.os.type == "macos" and event.type in ("change", "creation") and
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1554"
name = "Compromise Client Software Binary"
name = "Compromise Host Software Binary"
reference = "https://attack.mitre.org/techniques/T1554/"
@@ -2,7 +2,7 @@
creation_date = "2023/05/05"
integration = ["endpoint"]
maturity = "production"
updated_date = "2024/05/21"
updated_date = "2024/05/31"
[rule]
author = ["Elastic"]
@@ -118,7 +118,7 @@ reference = "https://attack.mitre.org/tactics/TA0005/"
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1554"
name = "Compromise Client Software Binary"
name = "Compromise Host Software Binary"
reference = "https://attack.mitre.org/techniques/T1554/"
@@ -126,7 +126,7 @@ reference = "https://attack.mitre.org/techniques/T1574/010/"
[[rule.threat.technique]]
id = "T1554"
name = "Compromise Client Software Binary"
name = "Compromise Host Software Binary"
reference = "https://attack.mitre.org/techniques/T1554/"
@@ -2,7 +2,7 @@
creation_date = "2020/08/13"
integration = ["endpoint", "windows"]
maturity = "production"
updated_date = "2024/05/21"
updated_date = "2024/05/31"
[rule]
author = ["Elastic"]
@@ -52,7 +52,7 @@ file where host.os.type == "windows" and event.type != "deletion" and
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1484"
name = "Domain Policy Modification"
name = "Domain or Tenant Policy Modification"
reference = "https://attack.mitre.org/techniques/T1484/"
[[rule.threat.technique.subtechnique]]
id = "T1484.001"
@@ -2,7 +2,7 @@
creation_date = "2021/11/08"
integration = ["system", "windows"]
maturity = "production"
updated_date = "2024/05/21"
updated_date = "2024/05/31"
[rule]
author = ["Elastic"]
@@ -114,7 +114,7 @@ or
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1484"
name = "Domain Policy Modification"
name = "Domain or Tenant Policy Modification"
reference = "https://attack.mitre.org/techniques/T1484/"
[[rule.threat.technique.subtechnique]]
id = "T1484.001"
@@ -2,7 +2,7 @@
creation_date = "2021/11/08"
integration = ["system", "windows"]
maturity = "production"
updated_date = "2024/05/21"
updated_date = "2024/05/31"
[rule]
author = ["Elastic"]
@@ -88,7 +88,7 @@ event.code: "5136" and
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1484"
name = "Domain Policy Modification"
name = "Domain or Tenant Policy Modification"
reference = "https://attack.mitre.org/techniques/T1484/"
[[rule.threat.technique.subtechnique]]
id = "T1484.001"
@@ -2,7 +2,7 @@
creation_date = "2021/11/08"
integration = ["system", "windows"]
maturity = "production"
updated_date = "2024/05/21"
updated_date = "2024/05/31"
[rule]
author = ["Elastic"]
@@ -121,7 +121,7 @@ reference = "https://attack.mitre.org/techniques/T1053/005/"
[[rule.threat.technique]]
id = "T1484"
name = "Domain Policy Modification"
name = "Domain or Tenant Policy Modification"
reference = "https://attack.mitre.org/techniques/T1484/"
[[rule.threat.technique.subtechnique]]
id = "T1484.001"
@@ -3,7 +3,7 @@ bypass_bbr_timing = true
creation_date = "2023/08/04"
integration = ["endpoint"]
maturity = "production"
updated_date = "2024/05/21"
updated_date = "2024/05/31"
[rule]
author = ["Elastic"]
@@ -286,7 +286,7 @@ reference = "https://attack.mitre.org/tactics/TA0005/"
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1554"
name = "Compromise Client Software Binary"
name = "Compromise Host Software Binary"
reference = "https://attack.mitre.org/techniques/T1554/"
@@ -3,7 +3,7 @@ bypass_bbr_timing = true
creation_date = "2023/08/02"
integration = ["endpoint"]
maturity = "production"
updated_date = "2024/05/21"
updated_date = "2024/05/31"
[rule]
author = ["Elastic"]
@@ -185,7 +185,7 @@ reference = "https://attack.mitre.org/tactics/TA0005/"
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1554"
name = "Compromise Client Software Binary"
name = "Compromise Host Software Binary"
reference = "https://attack.mitre.org/techniques/T1554/"
@@ -3,7 +3,7 @@ bypass_bbr_timing = true
creation_date = "2023/08/09"
integration = ["endpoint"]
maturity = "production"
updated_date = "2024/05/21"
updated_date = "2024/05/31"
[rule]
author = ["Elastic"]
@@ -69,7 +69,7 @@ reference = "https://attack.mitre.org/tactics/TA0005/"
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1554"
name = "Compromise Client Software Binary"
name = "Compromise Host Software Binary"
reference = "https://attack.mitre.org/techniques/T1554/"
@@ -3,7 +3,7 @@ bypass_bbr_timing = true
creation_date = "2023/08/18"
integration = ["endpoint"]
maturity = "production"
updated_date = "2024/05/21"
updated_date = "2024/05/31"
[rule]
author = ["Elastic"]
@@ -147,7 +147,7 @@ reference = "https://attack.mitre.org/tactics/TA0005/"
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1554"
name = "Compromise Client Software Binary"
name = "Compromise Host Software Binary"
reference = "https://attack.mitre.org/techniques/T1554/"
@@ -3,7 +3,7 @@ bypass_bbr_timing = true
creation_date = "2023/08/20"
integration = ["endpoint"]
maturity = "production"
updated_date = "2024/05/21"
updated_date = "2024/05/31"
[rule]
author = ["Elastic"]
@@ -106,7 +106,7 @@ reference = "https://attack.mitre.org/tactics/TA0005/"
framework = "MITRE ATT&CK"
[[rule.threat.technique]]
id = "T1554"
name = "Compromise Client Software Binary"
name = "Compromise Host Software Binary"
reference = "https://attack.mitre.org/techniques/T1554/"