2019-07-31 08:05:44 +00:00
|
|
|
version: 1.2
|
2019-03-29 14:26:25 +00:00
|
|
|
file_type: technique-administration
|
2019-04-23 12:57:11 +00:00
|
|
|
name: example
|
2020-02-10 06:39:11 +00:00
|
|
|
platform: ['Windows', 'Azure', 'Azure AD', 'Office 365']
|
2019-03-29 14:26:25 +00:00
|
|
|
techniques:
|
|
|
|
|
# - Note that detection and visibility are independent from each other.
|
|
|
|
|
# Meaning that detection could be left blank and only have visibility filled in.
|
|
|
|
|
# - Also note that the below serves purely as an example and is therefore not accurate on all areas.
|
|
|
|
|
#
|
|
|
|
|
# - If desired you are free to add any key-value pairs. This will not impact the functionality of the tool.
|
|
|
|
|
- technique_id: T1222
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: File Permissions Modification
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1223
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Compiled HTML File
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1221
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Template Injection
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1220
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: XSL Script Processing
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1217
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Browser Bookmark Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1196
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Control Panel Items
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [client endpoints]
|
2019-05-01 10:04:59 +00:00
|
|
|
location: [EDR]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1214
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Credentials in Registry
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [EDR]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1189
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Drive-by Compromise
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [SIEM UC 123, Tool Model Y]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-08-05
|
|
|
|
|
score: 3
|
|
|
|
|
comment: 'This detection was improved due to the availability of the new log source Process use of network'
|
|
|
|
|
- date: 2018-11-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1203
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Exploitation for Client Execution
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1210
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Exploitation of Remote Services
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1211
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Exploitation for Defense Evasion
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1202
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Indirect Command Execution
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1212
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Exploitation for Credential Access
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1201
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Password Policy Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [domain controllers]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- Third party product A
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2017-01-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1191
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: CMSTP
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1219
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Remote Access Tools
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- Third party product A
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2017-01-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 3
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1198
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: SIP and Trust Provider Hijacking
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1218
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Signed Binary Proxy Execution
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1193
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Spearphishing Attachment
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1216
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Signed Script Proxy Execution
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1192
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Spearphishing Link
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1209
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Time Providers
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1195
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Supply Chain Compromise
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- Third party product A
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2017-01-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1194
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Spearphishing via Service
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1204
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: User Execution
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [EDR]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 0
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1182
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: AppCert DLLs
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [EDR]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1176
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Browser Extensions
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1175
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Distributed Component Object Model
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1185
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Man in the Browser
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1174
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Password Filter DLL
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1170
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Mshta
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1171
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: LLMNR/NBT-NS Poisoning
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
- applicable_to: [client endpoints]
|
|
|
|
|
location:
|
|
|
|
|
- Third party product A
|
|
|
|
|
comment: |
|
|
|
|
|
This comment will be
|
|
|
|
|
multiline in
|
|
|
|
|
Excel
|
|
|
|
|
score_logbook:
|
|
|
|
|
- date: 2017-01-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
- applicable_to: [servers]
|
|
|
|
|
location:
|
|
|
|
|
- Model I
|
|
|
|
|
comment: ''
|
|
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-05-01
|
2019-05-01 10:06:39 +00:00
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
|
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
- applicable_to: [client endpoints]
|
|
|
|
|
comment: ''
|
|
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
2019-05-01 10:06:39 +00:00
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
- applicable_to: [servers]
|
|
|
|
|
comment: |
|
|
|
|
|
This comment will be
|
|
|
|
|
multiline in
|
|
|
|
|
Excel
|
|
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
2019-05-01 10:06:39 +00:00
|
|
|
score: 3
|
2019-07-31 08:05:44 +00:00
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1173
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Dynamic Data Exchange
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1181
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Extra Window Memory Injection
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [EDR]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1179
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Hooking
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1186
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Process Doppelgänging
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1172
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Domain Fronting
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- Model A
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-08-01
|
|
|
|
|
score: 5
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1183
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Image File Execution Options Injection
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [Tool]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-11-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1177
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: LSASS Driver
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1180
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Screensaver
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1134
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Access Token Manipulation
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [EDR]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1138
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Application Shimming
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [SIEM]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1140
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Deobfuscate/Decode Files or Information
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1136
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Create Account
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1137
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Office Application Startup
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1158
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Hidden Files and Directories
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1135
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Network Share Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1132
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Data Encoding
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1131
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Authentication Package
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1129
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Execution through Module Load
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1128
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Netsh Helper DLL
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1127
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Trusted Developer Utilities
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1126
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Network Share Connection Removal
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1125
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Video Capture
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1124
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: System Time Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1123
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Audio Capture
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1122
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Component Object Model Hijacking
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1121
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Regsvcs/Regasm
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1118
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: InstallUtil
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1117
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Regsvr32
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [EDR]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1114
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Email Collection
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1113
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Screen Capture
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1112
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Modify Registry
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1111
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Two-Factor Authentication Interception
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1109
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Component Firmware
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1108
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Redundant Access
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1106
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Execution through API
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1105
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Remote File Copy
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1103
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: AppInit DLLs
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1102
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Web Service
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1101
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Security Support Provider
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [SIEM UC 789]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-11-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1100
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Web Shell
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1099
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Timestomp
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [Tool Model X]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-11-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1095
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Standard Non-Application Layer Protocol
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1094
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Custom Command and Control Protocol
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1093
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Process Hollowing
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1090
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Connection Proxy
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1089
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Disabling Security Tools
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1088
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Bypass User Account Control
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1087
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Account Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1086
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: PowerShell
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [EDR]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1085
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Rundll32
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [EDR]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1083
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: File and Directory Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1082
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: System Information Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- Third party product A
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2017-01-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1080
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Taint Shared Content
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1079
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Multilayer Encryption
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1078
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Valid Accounts
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- ''
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1077
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Windows Admin Shares
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-10-01
|
|
|
|
|
score: 0
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1076
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Remote Desktop Protocol
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1074
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Data Staged
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1073
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: DLL Side-Loading
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1072
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Third-party Software
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1071
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Standard Application Layer Protocol
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [SIEM UC 123]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-11-01
|
|
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1070
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Indicator Removal on Host
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1069
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Permission Groups Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1068
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Exploitation for Privilege Escalation
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1066
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Indicator Removal from Tools
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1065
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Uncommonly Used Port
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- Model B
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-10-01
|
|
|
|
|
score: 5
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1064
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Scripting
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [EDR, AV Product]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1063
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Security Software Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1061
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Graphical User Interface
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1060
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Registry Run Keys / Startup Folder
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1059
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Command-Line Interface
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1058
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Service Registry Permissions Weakness
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1057
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Process Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1056
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Input Capture
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [client endpoints]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [EDR]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1055
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Process Injection
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [EDR]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1054
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Indicator Blocking
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1053
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Scheduled Task
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-17 12:05:48 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- ''
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1051
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Shared Webroot
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1050
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: New Service
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
2019-07-31 08:05:44 +00:00
|
|
|
comment: Model G
|
|
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1049
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: System Network Connections Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1048
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Exfiltration Over Alternative Protocol
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1047
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Windows Management Instrumentation
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1043
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Commonly Used Port
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-10-01
|
|
|
|
|
score: 0
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1042
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Change Default File Association
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1041
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Exfiltration Over Command and Control Channel
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- Third party product A
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2017-01-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1040
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Network Sniffing
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1039
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Data from Network Shared Drive
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1038
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: DLL Search Order Hijacking
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1037
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Logon Scripts
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- Model F
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-05-07
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1036
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Masquerading
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [Model C]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-02-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1035
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Service Execution
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [EDR]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1034
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Path Interception
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1033
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: System Owner/User Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- Third party product A
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2017-01-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1032
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Standard Cryptographic Protocol
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1031
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Modify Existing Service
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1030
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Data Transfer Size Limits
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- ''
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1029
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Scheduled Transfer
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1028
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Windows Remote Management
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-17 12:05:48 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- ''
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1027
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Obfuscated Files or Information
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1026
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Multiband Communication
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1025
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Data from Removable Media
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1024
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Custom Cryptographic Protocol
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [EDR]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 0
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1023
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Shortcut Modification
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1022
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Data Encrypted
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- Model D
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2017-10-10
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1020
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Automated Exfiltration
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1018
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Remote System Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- Third party product A
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2017-01-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1017
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Application Deployment Software
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1016
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: System Network Configuration Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1015
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Accessibility Features
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1013
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Port Monitors
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1012
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Query Registry
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1011
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Exfiltration Over Other Network Medium
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1010
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Application Window Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1008
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Fallback Channels
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1007
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: System Service Discovery
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1005
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Data from Local System
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1004
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Winlogon Helper DLL
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1003
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Credential Dumping
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location: [EDR]
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2018-12-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1002
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Data Compressed
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- Model E
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2017-10-10
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-03-29 14:26:25 +00:00
|
|
|
- technique_id: T1001
|
2019-04-23 11:51:46 +00:00
|
|
|
technique_name: Data Obfuscation
|
2019-03-29 14:26:25 +00:00
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-03-29 14:26:25 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-03-29 14:26:25 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-05-01 10:04:59 +00:00
|
|
|
- technique_id: T1485
|
|
|
|
|
technique_name: Data Destruction
|
|
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-05-01 10:04:59 +00:00
|
|
|
- technique_id: T1486
|
|
|
|
|
technique_name: Data Encrypted for Impact
|
|
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- Model J
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2015-01-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 3
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
- technique_id: T1488
|
|
|
|
|
technique_name: Disk Content Wipe
|
|
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-05-01 10:04:59 +00:00
|
|
|
- technique_id: T1499
|
|
|
|
|
technique_name: Endpoint Denial of Service
|
|
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [websites]
|
2019-05-01 10:04:59 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- Third party
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2015-01-01
|
|
|
|
|
score: 5
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [websites]
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
- technique_id: T1490
|
|
|
|
|
technique_name: Inhibit System Recovery
|
|
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-05-01 10:04:59 +00:00
|
|
|
- technique_id: T1498
|
|
|
|
|
technique_name: Network Denial of Service
|
|
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [websites]
|
2019-05-01 10:04:59 +00:00
|
|
|
location:
|
2019-07-31 08:05:44 +00:00
|
|
|
- Third party
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2015-01-01
|
|
|
|
|
score: 5
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [websites]
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
- technique_id: T1496
|
|
|
|
|
technique_name: Resource Hijacking
|
|
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-05-01 10:04:59 +00:00
|
|
|
- technique_id: T1494
|
|
|
|
|
technique_name: Runtime Data Manipulation
|
|
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-05-01 10:04:59 +00:00
|
|
|
- technique_id: T1489
|
|
|
|
|
technique_name: Service Stop
|
|
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-05-01 10:04:59 +00:00
|
|
|
- technique_id: T1500
|
|
|
|
|
technique_name: Compile After Delivery
|
|
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-05-01 10:04:59 +00:00
|
|
|
- technique_id: T1483
|
|
|
|
|
technique_name: Domain Generation Algorithms
|
|
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 1
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-05-01 10:04:59 +00:00
|
|
|
- technique_id: T1482
|
|
|
|
|
technique_name: Domain Trust Discovery
|
|
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-05-01 10:04:59 +00:00
|
|
|
- technique_id: T1480
|
|
|
|
|
technique_name: Execution Guardrails
|
|
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 4
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
2019-05-01 10:04:59 +00:00
|
|
|
- technique_id: T1497
|
|
|
|
|
technique_name: Virtualization/Sandbox Evasion
|
|
|
|
|
detection:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
2019-05-01 10:04:59 +00:00
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
2019-07-31 08:05:44 +00:00
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
2019-05-01 10:04:59 +00:00
|
|
|
visibility:
|
2019-07-31 08:05:44 +00:00
|
|
|
applicable_to: [all]
|
|
|
|
|
comment: ''
|
|
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-03-01
|
|
|
|
|
score: 2
|
|
|
|
|
comment: ''
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- technique_id: T1187
|
|
|
|
|
technique_name: Forced Authentication
|
|
|
|
|
detection:
|
|
|
|
|
applicable_to:
|
|
|
|
|
- all
|
|
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
|
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
|
|
|
|
visibility:
|
|
|
|
|
applicable_to:
|
|
|
|
|
- all
|
|
|
|
|
comment: ''
|
|
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 1
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- technique_id: T1141
|
|
|
|
|
technique_name: Input Prompt
|
|
|
|
|
detection:
|
|
|
|
|
applicable_to:
|
|
|
|
|
- all
|
|
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
|
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
|
|
|
|
visibility:
|
|
|
|
|
applicable_to:
|
|
|
|
|
- all
|
|
|
|
|
comment: ''
|
|
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 2
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- technique_id: T1104
|
|
|
|
|
technique_name: Multi-Stage Channels
|
|
|
|
|
detection:
|
|
|
|
|
applicable_to:
|
|
|
|
|
- all
|
|
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
|
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
|
|
|
|
visibility:
|
|
|
|
|
applicable_to:
|
|
|
|
|
- all
|
|
|
|
|
comment: ''
|
|
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 1
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
|
|
|
|
- technique_id: T1046
|
|
|
|
|
technique_name: Network Service Scanning
|
|
|
|
|
detection:
|
|
|
|
|
applicable_to:
|
|
|
|
|
- all
|
|
|
|
|
location:
|
|
|
|
|
- ''
|
|
|
|
|
comment: ''
|
|
|
|
|
score_logbook:
|
2020-02-10 06:39:11 +00:00
|
|
|
- date:
|
2019-07-31 08:05:44 +00:00
|
|
|
score: -1
|
|
|
|
|
comment: ''
|
|
|
|
|
visibility:
|
|
|
|
|
applicable_to:
|
|
|
|
|
- all
|
|
|
|
|
comment: ''
|
|
|
|
|
score_logbook:
|
|
|
|
|
- date: 2019-07-30
|
|
|
|
|
score: 1
|
|
|
|
|
comment: 'New data source: Process use of network'
|
|
|
|
|
auto_generated: true
|
