DeTTECT/sample-data/groups.yaml

version: 1
file_type: group-administration
platform:
  - Windows
  - Azure AD
groups:
  - group_name: Red team
    campaign: Scenario 1
    technique_id:
      - T1566.002
      - T1059.001
      - T1053.005
      - T1204.001
      - T1003.001
      - T1055
      - T1027.002
      - T1218.011
      - T1070.006
      - T1082
      - T1016
      - T1033
      - T1087.002
      - T1550.002
      - T1057
      - T1039
      - T1041
      - T1071.001
      - T1001.003
      - T1114.003
      - T1560.003
    software_id:
      - S0002
    enabled: true
  - group_name: Red team
    campaign: Ransomware
    technique_id:
      - T1078.004
      - T1136.003
      - T1053.005
      - T1055
      - T1003.001
      - T1033
      - T1021.006
      - T1071.001
      - T1001.003
      - T1041
      - T1039
      - T1566.002
      - T1078.002
      - T1036.003
      - T1486
      - T1083
    software_id: []
    enabled: false
migrated to sub-techniques 2020-07-10 07:43:12 +00:00			`version: 1`
initial commit 2019-03-29 14:26:25 +00:00			`file_type: group-administration`
migrated to sub-techniques 2020-07-10 07:43:12 +00:00			`platform:`
			`- Windows`
			`- Azure AD`
initial commit 2019-03-29 14:26:25 +00:00			`groups:`
migrated to sub-techniques 2020-07-10 07:43:12 +00:00			`- group_name: Red team`
			`campaign: Scenario 1`
			`technique_id:`
			`- T1566.002`
			`- T1059.001`
			`- T1053.005`
			`- T1204.001`
			`- T1003.001`
			`- T1055`
			`- T1027.002`
			`- T1218.011`
			`- T1070.006`
			`- T1082`
			`- T1016`
			`- T1033`
			`- T1087.002`
			`- T1550.002`
			`- T1057`
			`- T1039`
			`- T1041`
			`- T1071.001`
			`- T1001.003`
			`- T1114.003`
			`- T1560.003`
			`software_id:`
			`- S0002`
			`enabled: true`
			`- group_name: Red team`
Added techniques in the ransomware campaign 2020-09-10 18:05:18 +00:00			`campaign: Ransomware`
migrated to sub-techniques 2020-07-10 07:43:12 +00:00			`technique_id:`
			`- T1078.004`
			`- T1136.003`
			`- T1053.005`
			`- T1055`
			`- T1003.001`
			`- T1033`
			`- T1021.006`
			`- T1071.001`
			`- T1001.003`
			`- T1041`
			`- T1039`
Added techniques in the ransomware campaign 2020-09-10 18:05:18 +00:00			`- T1566.002`
			`- T1078.002`
			`- T1036.003`
			`- T1486`
			`- T1083`
migrated to sub-techniques 2020-07-10 07:43:12 +00:00			`software_id: []`
			`enabled: false`