Refresh ATT&CK mappings to v9.0 (#1401)

* Refresh ATT&CK mappings to v9.0
* Update rules to reflect ATT&CK changes

rules/cross-platform/execution_suspicious_jar_child_process.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/01/19"
 maturity = "production"
-updated_date = "2021/03/03"
+updated_date = "2021/08/03"
 
 [rule]
 author = ["Elastic"]
@@ -40,7 +40,7 @@ name = "Command and Scripting Interpreter"
 reference = "https://attack.mitre.org/techniques/T1059/"
 [[rule.threat.technique.subtechnique]]
 id = "T1059.007"
-name = "JavaScript/JScript"
+name = "JavaScript"
 reference = "https://attack.mitre.org/techniques/T1059/007/"
 
 

rules/cross-platform/persistence_shell_profile_modification.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/01/19"
 maturity = "production"
-updated_date = "2021/03/08"
+updated_date = "2021/08/03"
 
 [rule]
 author = ["Elastic"]
@@ -61,7 +61,7 @@ name = "Event Triggered Execution"
 reference = "https://attack.mitre.org/techniques/T1546/"
 [[rule.threat.technique.subtechnique]]
 id = "T1546.004"
-name = ".bash_profile and .bashrc"
+name = "Unix Shell Configuration Modification"
 reference = "https://attack.mitre.org/techniques/T1546/004/"
 
 

rules/linux/privilege_escalation_ld_preload_shared_object_modif.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/01/27"
 maturity = "production"
-updated_date = "2021/03/08"
+updated_date = "2021/08/03"
 
 [rule]
 author = ["Elastic"]
@@ -37,7 +37,7 @@ name = "Hijack Execution Flow"
 reference = "https://attack.mitre.org/techniques/T1574/"
 [[rule.threat.technique.subtechnique]]
 id = "T1574.006"
-name = "LD_PRELOAD"
+name = "Dynamic Linker Hijacking"
 reference = "https://attack.mitre.org/techniques/T1574/006/"
 
 

rules/macos/execution_installer_spawned_network_event.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/02/23"
 maturity = "production"
-updated_date = "2021/05/26"
+updated_date = "2021/08/03"
 
 [rule]
 author = ["Elastic"]
@@ -51,7 +51,7 @@ name = "Command and Scripting Interpreter"
 reference = "https://attack.mitre.org/techniques/T1059/"
 [[rule.threat.technique.subtechnique]]
 id = "T1059.007"
-name = "JavaScript/JScript"
+name = "JavaScript"
 reference = "https://attack.mitre.org/techniques/T1059/007/"
 
 

rules/windows/privilege_escalation_disable_uac_registry.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/01/20"
 maturity = "production"
-updated_date = "2021/03/03"
+updated_date = "2021/08/03"
 
 [rule]
 author = ["Elastic"]
@@ -48,7 +48,7 @@ name = "Abuse Elevation Control Mechanism"
 reference = "https://attack.mitre.org/techniques/T1548/"
 [[rule.threat.technique.subtechnique]]
 id = "T1548.002"
-name = "Bypass User Access Control"
+name = "Bypass User Account Control"
 reference = "https://attack.mitre.org/techniques/T1548/002/"
 
 
@@ -65,7 +65,7 @@ name = "Abuse Elevation Control Mechanism"
 reference = "https://attack.mitre.org/techniques/T1548/"
 [[rule.threat.technique.subtechnique]]
 id = "T1548.002"
-name = "Bypass User Access Control"
+name = "Bypass User Account Control"
 reference = "https://attack.mitre.org/techniques/T1548/002/"
 
 

rules/windows/privilege_escalation_uac_bypass_com_clipup.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/10/28"
 maturity = "production"
-updated_date = "2021/03/03"
+updated_date = "2021/08/03"
 
 [rule]
 author = ["Elastic"]
@@ -38,7 +38,7 @@ name = "Abuse Elevation Control Mechanism"
 reference = "https://attack.mitre.org/techniques/T1548/"
 [[rule.threat.technique.subtechnique]]
 id = "T1548.002"
-name = "Bypass User Access Control"
+name = "Bypass User Account Control"
 reference = "https://attack.mitre.org/techniques/T1548/002/"
 
 

rules/windows/privilege_escalation_uac_bypass_com_ieinstal.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/11/03"
 maturity = "production"
-updated_date = "2021/03/03"
+updated_date = "2021/08/03"
 
 [rule]
 author = ["Elastic"]
@@ -40,7 +40,7 @@ name = "Abuse Elevation Control Mechanism"
 reference = "https://attack.mitre.org/techniques/T1548/"
 [[rule.threat.technique.subtechnique]]
 id = "T1548.002"
-name = "Bypass User Access Control"
+name = "Bypass User Account Control"
 reference = "https://attack.mitre.org/techniques/T1548/002/"
 
 

rules/windows/privilege_escalation_uac_bypass_com_interface_icmluautil.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/10/19"
 maturity = "production"
-updated_date = "2021/03/03"
+updated_date = "2021/08/03"
 
 [rule]
 author = ["Elastic"]
@@ -37,7 +37,7 @@ name = "Abuse Elevation Control Mechanism"
 reference = "https://attack.mitre.org/techniques/T1548/"
 [[rule.threat.technique.subtechnique]]
 id = "T1548.002"
-name = "Bypass User Access Control"
+name = "Bypass User Account Control"
 reference = "https://attack.mitre.org/techniques/T1548/002/"
 
 

rules/windows/privilege_escalation_uac_bypass_diskcleanup_hijack.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/08/18"
 maturity = "production"
-updated_date = "2021/03/08"
+updated_date = "2021/08/03"
 
 [rule]
 author = ["Elastic"]
@@ -38,7 +38,7 @@ name = "Abuse Elevation Control Mechanism"
 reference = "https://attack.mitre.org/techniques/T1548/"
 [[rule.threat.technique.subtechnique]]
 id = "T1548.002"
-name = "Bypass User Access Control"
+name = "Bypass User Account Control"
 reference = "https://attack.mitre.org/techniques/T1548/002/"
 
 

rules/windows/privilege_escalation_uac_bypass_dll_sideloading.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/10/27"
 maturity = "production"
-updated_date = "2021/03/03"
+updated_date = "2021/08/03"
 
 [rule]
 author = ["Elastic"]
@@ -39,7 +39,7 @@ name = "Abuse Elevation Control Mechanism"
 reference = "https://attack.mitre.org/techniques/T1548/"
 [[rule.threat.technique.subtechnique]]
 id = "T1548.002"
-name = "Bypass User Access Control"
+name = "Bypass User Account Control"
 reference = "https://attack.mitre.org/techniques/T1548/002/"
 
 

rules/windows/privilege_escalation_uac_bypass_event_viewer.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/03/17"
 maturity = "production"
-updated_date = "2021/04/14"
+updated_date = "2021/08/03"
 
 [rule]
 author = ["Elastic"]
@@ -41,7 +41,7 @@ name = "Abuse Elevation Control Mechanism"
 [[rule.threat.technique.subtechnique]]
 id = "T1548.002"
 reference = "https://attack.mitre.org/techniques/T1548/002/"
-name = "Bypass User Access Control"
+name = "Bypass User Account Control"
 
 
 

rules/windows/privilege_escalation_uac_bypass_mock_windir.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/10/26"
 maturity = "production"
-updated_date = "2021/03/03"
+updated_date = "2021/08/03"
 
 [rule]
 author = ["Elastic"]
@@ -36,7 +36,7 @@ name = "Abuse Elevation Control Mechanism"
 reference = "https://attack.mitre.org/techniques/T1548/"
 [[rule.threat.technique.subtechnique]]
 id = "T1548.002"
-name = "Bypass User Access Control"
+name = "Bypass User Account Control"
 reference = "https://attack.mitre.org/techniques/T1548/002/"
 
 

rules/windows/privilege_escalation_uac_bypass_winfw_mmc_hijack.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/10/14"
 maturity = "production"
-updated_date = "2021/03/03"
+updated_date = "2021/08/03"
 
 [rule]
 author = ["Elastic"]
@@ -39,7 +39,7 @@ name = "Abuse Elevation Control Mechanism"
 reference = "https://attack.mitre.org/techniques/T1548/"
 [[rule.threat.technique.subtechnique]]
 id = "T1548.002"
-name = "Bypass User Access Control"
+name = "Bypass User Account Control"
 reference = "https://attack.mitre.org/techniques/T1548/002/"
 
 

rules/windows/privilege_escalation_uac_sdclt.toml

@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/09/02"
 maturity = "development"
-updated_date = "2021/03/03"
+updated_date = "2021/08/03"
 
 [rule]
 author = ["Elastic"]
@@ -47,7 +47,7 @@ name = "Abuse Elevation Control Mechanism"
 reference = "https://attack.mitre.org/techniques/T1548/"
 [[rule.threat.technique.subtechnique]]
 id = "T1548.002"
-name = "Bypass User Access Control"
+name = "Bypass User Account Control"
 reference = "https://attack.mitre.org/techniques/T1548/002/"