ATT&CK v13.1 Enterprise
jondricek committed May 8, 2023
1 parent d3c54ff commit a890630
Showing 18,519 changed files with 229,338 additions and 229,250 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--6168d0e4-9ec9-4a52-8429-8d99286aff9a",
"id": "bundle--523a330b-0eba-42b3-93ab-f78c4e2d90b9",
"spec_version": "2.0",
"objects": [
{
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--d31d58d8-3200-476a-a297-8c8a4e9812cf",
"id": "bundle--30d122bc-61e5-4d6d-870b-5246320f82e3",
"spec_version": "2.0",
"objects": [
{
@@ -41,9 +41,9 @@
"x_mitre_data_sources": [
"File: File Modification",
"Scheduled Job: Scheduled Job Creation",
"Process: Process Creation",
"Windows Registry: Windows Registry Key Creation",
"Command: Command Execution",
"Windows Registry: Windows Registry Key Creation"
"Process: Process Creation"
],
"x_mitre_permissions_required": [
"Administrator"
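Review bot: The `x_mitre_data_sources` array in this section appears to hold the same five entries before and after, only in a different order, so the hunk changes nothing a consumer should act on. The same order-only churn shows up in the later sections that touch `x_mitre_data_sources`, and every file also gets a fresh bundle `id`. Across 18,519 files this hides the few substantive edits, which makes the release hard to review for integrity. Emitting these arrays in a stable order (for example sorted) at export time would keep release diffs meaningful. Until then, consumers should compare `x_mitre_data_sources` as a set and key change detection on each object's `modified` value rather than on the bundle `id`. The old/new side of each line is not marked on this page, and the object continues outside the hunk.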
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--4a251278-94a5-4637-9277-10051dcf177e",
"id": "bundle--155f36ca-dd8b-48ff-be96-579affabf812",
"spec_version": "2.0",
"objects": [
{
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--1c1dbf55-7e6b-4ec4-a063-e3e7ca074697",
"id": "bundle--f278a551-bff2-46b3-864c-8017fd9154dc",
"spec_version": "2.0",
"objects": [
{
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--0f9117be-7845-4cfd-9274-b05c477f72db",
"id": "bundle--ffe10296-7286-435d-baea-d8e0cb7a1325",
"spec_version": "2.0",
"objects": [
{
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--f178a0b3-21b6-4b46-9344-a520e7a0aefb",
"id": "bundle--e3722e26-5e9b-4903-b1c1-92ee0063b4e8",
"spec_version": "2.0",
"objects": [
{
@@ -26,9 +26,9 @@
],
"x_mitre_version": "1.1",
"x_mitre_data_sources": [
"Process: Process Creation",
"Logon Session: Logon Session Creation",
"Network Traffic: Network Connection Creation",
"Logon Session: Logon Session Creation"
"Process: Process Creation"
],
"x_mitre_system_requirements": [
"VNC server installed and listening for connections."
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--c6671cd4-7c4f-49c4-b69c-8e64bc8b7643",
"id": "bundle--1323325f-9452-40ef-91e2-35d3a688ac41",
"spec_version": "2.0",
"objects": [
{
@@ -27,9 +27,9 @@
],
"x_mitre_version": "1.3",
"x_mitre_data_sources": [
"Process: Process Creation",
"Command: Command Execution",
"Network Traffic: Network Connection Creation",
"Process: Process Creation"
"Network Traffic: Network Connection Creation"
],
"x_mitre_remote_support": true,
"type": "attack-pattern",
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--1fa370bf-f7b3-4c5f-924a-c4c5a95e7825",
"id": "bundle--5f26a0ce-cd6b-4f47-8cf9-72b7214d48b2",
"spec_version": "2.0",
"objects": [
{
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--5fa578f0-7d16-4807-9f53-581a35e9866b",
"id": "bundle--beca2ecb-60a5-4691-9b40-b84c18895482",
"spec_version": "2.0",
"objects": [
{
@@ -1,10 +1,10 @@
{
"type": "bundle",
"id": "bundle--8aaa8d09-7260-401f-bad0-cff261c4dbf3",
"id": "bundle--3f7c4360-03d5-450c-b6c6-dbc60a805074",
"spec_version": "2.0",
"objects": [
{
"modified": "2023-03-24T13:51:48.636Z",
"modified": "2023-05-04T18:06:40.829Z",
"name": "Fileless Storage",
"description": "Adversaries may store data in \"fileless\" formats to conceal malicious activity from defenses. Fileless storage can be broadly defined as any format other than a file. Common examples of non-volatile fileless storage include the Windows Registry, event logs, or WMI repository.(Citation: Microsoft Fileless)(Citation: SecureList Fileless)\n\nSimilar to fileless in-memory behaviors such as [Reflective Code Loading](https://attack.mitre.org/techniques/T1620) and [Process Injection](https://attack.mitre.org/techniques/T1055), fileless data storage may remain undetected by anti-virus and other endpoint security tools that can only access specific file formats from disk storage.\n\nAdversaries may use fileless storage to conceal various types of stored data, including payloads/shellcode (potentially being used as part of [Persistence](https://attack.mitre.org/tactics/TA0003)) and collected data not yet exfiltrated from the victim (e.g., [Local Data Staging](https://attack.mitre.org/techniques/T1074/001)). Adversaries also often encrypt, encode, splice, or otherwise obfuscate this fileless data when stored.\n\nSome forms of fileless storage activity may indirectly create artifacts in the file system, but in central and otherwise difficult to inspect formats such as the WMI (e.g., `%SystemRoot%\\System32\\Wbem\\Repository`) or Registry (e.g., `%SystemRoot%\\System32\\Config`) physical files.(Citation: Microsoft Fileless) ",
"kill_chain_phases": [
@@ -17,7 +17,8 @@
"Christopher Peacock",
"Denise Tan",
"Mark Wee",
"Simona David"
"Simona David",
"Xavier Rousseau"
],
"x_mitre_deprecated": false,
"x_mitre_detection": "",
@@ -30,8 +31,8 @@
],
"x_mitre_version": "1.0",
"x_mitre_data_sources": [
"Windows Registry: Windows Registry Key Creation",
"WMI: WMI Creation"
"WMI: WMI Creation",
"Windows Registry: Windows Registry Key Creation"
],
"type": "attack-pattern",
"id": "attack-pattern--02c5abff-30bf-4703-ab92-1f6072fae939",
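Review bot: `"x_mitre_detection": ""` stays empty in this object although `x_mitre_data_sources` names `WMI: WMI Creation` and `Windows Registry: Windows Registry Key Creation`, so tooling that builds detection guidance from that field gets nothing for Fileless Storage. If the guidance is carried by relationship objects elsewhere in the release (not visible in this section), a pointer to them would help; otherwise a short detection text is missing. Separately, `modified` advances and a contributor is added while `x_mitre_version` stays `1.0`, so consumers should track `modified` rather than the version to notice this revision. The object continues past the last hunk shown here.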
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--7e133ea0-30c7-4a50-a141-98abf3f9e522",
"id": "bundle--b5b11e21-4c2b-49d5-9b1e-dcf18ec73555",
"spec_version": "2.0",
"objects": [
{
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--fa8a55eb-2147-4e35-a946-5b1a1d03da64",
"id": "bundle--3a2cdfdb-6067-4be4-86dd-1294c7b16256",
"spec_version": "2.0",
"objects": [
{
@@ -29,11 +29,11 @@
],
"x_mitre_version": "2.1",
"x_mitre_data_sources": [
"Process: Process Creation",
"File: File Modification",
"Windows Registry: Windows Registry Key Creation",
"Active Directory: Active Directory Object Modification",
"File: File Creation",
"Active Directory: Active Directory Object Modification",
"Windows Registry: Windows Registry Key Creation",
"File: File Modification",
"Process: Process Creation",
"Command: Command Execution"
],
"type": "attack-pattern",
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--e15f8b6f-0a60-43e6-a5c5-8e9c93f10b82",
"id": "bundle--81d34ebb-d5ee-48a2-ae11-59716c673405",
"spec_version": "2.0",
"objects": [
{
@@ -38,11 +38,11 @@
],
"x_mitre_version": "2.2",
"x_mitre_data_sources": [
"Service: Service Creation",
"Network Traffic: Network Traffic Content",
"Application Log: Application Log Content",
"Network Traffic: Network Traffic Flow",
"Windows Registry: Windows Registry Key Modification"
"Network Traffic: Network Traffic Content",
"Service: Service Creation",
"Windows Registry: Windows Registry Key Modification",
"Network Traffic: Network Traffic Flow"
],
"type": "attack-pattern",
"id": "attack-pattern--035bb001-ab69-4a0b-9f6c-2de8b09e1b9d",
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--5da44330-cbff-41ba-8f45-a0d607f565d6",
"id": "bundle--463ee45a-ef4c-439a-9a50-07465757e525",
"spec_version": "2.0",
"objects": [
{
@@ -32,13 +32,13 @@
"x_mitre_data_sources": [
"Process: OS API Execution",
"Process: Process Access",
"Network Traffic: Network Traffic Content",
"Windows Registry: Windows Registry Key Access",
"Active Directory: Active Directory Object Access",
"Process: Process Creation",
"Network Traffic: Network Traffic Flow",
"Network Traffic: Network Traffic Content",
"File: File Access",
"Windows Registry: Windows Registry Key Access",
"Command: Command Execution"
"Process: Process Creation",
"Command: Command Execution",
"Network Traffic: Network Traffic Flow"
],
"type": "attack-pattern",
"id": "attack-pattern--03d7999c-1f4c-42cc-8373-e7690d318104",
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--e0341d75-ce64-44b0-82ad-10e7c272a6bd",
"id": "bundle--a9415a33-da16-4694-ba0f-7d23a2414d08",
"spec_version": "2.0",
"objects": [
{
@@ -30,8 +30,8 @@
"Internet Scan: Response Metadata",
"Domain Name: Active DNS",
"Internet Scan: Response Content",
"Domain Name: Passive DNS",
"Domain Name: Domain Registration"
"Domain Name: Domain Registration",
"Domain Name: Passive DNS"
],
"type": "attack-pattern",
"id": "attack-pattern--0458aab9-ad42-4eac-9e22-706a95bafee2",
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--713d03c0-061b-4273-bf67-0f86942f6e69",
"id": "bundle--8805934e-d602-45b0-85ae-b60b3c44b08d",
"spec_version": "2.0",
"objects": [
{
@@ -30,9 +30,9 @@
],
"x_mitre_version": "2.1",
"x_mitre_data_sources": [
"File: File Metadata",
"Module: Module Load",
"Command: Command Execution",
"File: File Metadata",
"Process: Process Creation"
],
"x_mitre_defense_bypassed": [
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--2d9c20fd-89e8-4a36-8878-3994eb4494aa",
"id": "bundle--83af10dc-f96a-42a5-9897-7ea55ce2009d",
"spec_version": "2.0",
"objects": [
{
@@ -29,8 +29,8 @@
],
"x_mitre_version": "1.1",
"x_mitre_data_sources": [
"Pod: Pod Enumeration",
"Container: Container Enumeration"
"Container: Container Enumeration",
"Pod: Pod Enumeration"
],
"type": "attack-pattern",
"id": "attack-pattern--0470e792-32f8-46b0-a351-652bc35e9336",
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--31f51845-10d1-44b8-bc14-516b39318439",
"id": "bundle--535122fb-36e3-4321-99d0-62f07de84483",
"spec_version": "2.0",
"objects": [
{
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--545474f0-68b1-4794-9795-455e001730fa",
"id": "bundle--99902d16-997d-453e-96ee-56f226d6db4a",
"spec_version": "2.0",
"objects": [
{
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--6e22b3be-e8fc-4c50-83b5-dab6e616cbc6",
"id": "bundle--a4a4fa77-5194-484d-bea4-bad76ec441f0",
"spec_version": "2.0",
"objects": [
{
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--16afbfe9-abe4-49f0-85f8-2257248d9593",
"id": "bundle--acdf865d-5e24-4e0c-a9c1-9e9a0f260742",
"spec_version": "2.0",
"objects": [
{
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--083a48af-2ca7-4ce2-b295-f8235056445d",
"id": "bundle--665ce3f5-0718-486e-a17c-a30c4066fec4",
"spec_version": "2.0",
"objects": [
{
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--7c8cee5f-5597-4b09-9a47-18de982933a4",
"id": "bundle--5530ce5f-129f-4c30-b0d7-6caae3ee9a37",
"spec_version": "2.0",
"objects": [
{
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--c156e0ab-ea0b-4b8f-844b-cc45a70b1ca4",
"id": "bundle--2fb137e4-5280-43c5-ace7-13f90990ebdf",
"spec_version": "2.0",
"objects": [
{
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--a79aa88c-09fb-48cf-b034-fd9f6d3ca5c6",
"id": "bundle--c5e0bcef-c92d-41cf-808a-0cadf42ea7d7",
"spec_version": "2.0",
"objects": [
{
@@ -51,10 +51,10 @@
"x_mitre_version": "1.1",
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"x_mitre_data_sources": [
"Instance: Instance Metadata",
"Instance: Instance Start",
"Instance: Instance Modification",
"Instance: Instance Stop",
"Instance: Instance Modification"
"Instance: Instance Metadata",
"Instance: Instance Start"
],
"x_mitre_permissions_required": [
"User"
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--cfbdaa75-5464-453b-b86f-2b69da81ab0d",
"id": "bundle--9bc8149b-6780-4f03-9418-6b8f6f9b8c2c",
"spec_version": "2.0",
"objects": [
{
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--4f9b111a-9a64-4438-8539-d778f3d19dc3",
"id": "bundle--4143b7be-4fbe-4191-b288-66050c8f5112",
"spec_version": "2.0",
"objects": [
{
@@ -1,6 +1,6 @@
{
"type": "bundle",
"id": "bundle--5cd79748-9d85-419f-80a6-e1630647098e",
"id": "bundle--edd4433f-4641-4c82-8eac-1cd3135dd554",
"spec_version": "2.0",
"objects": [
{