Merge branch 'development' of https://github.com/marcusbakker/DeTTECT-private into development

master
Marcus Bakker 2020-07-10 09:43:15 +02:00
commit 19c9c10971
2 changed files with 714 additions and 542 deletions



@ -9,7 +9,7 @@ techniques:
# #
# - If desired you are free to add any key-value pairs. This will not impact the functionality of the tool. # - If desired you are free to add any key-value pairs. This will not impact the functionality of the tool.
- technique_id: T1222 - technique_id: T1222
technique_name: File Permissions Modification technique_name: File and Directory Permissions Modification
detection: detection:
applicable_to: [all] applicable_to: [all]
location: location:
@ -554,25 +554,6 @@ techniques:
score: 1 score: 1
comment: '' comment: ''
auto_generated: true auto_generated: true
- technique_id: T1559.001
technique_name: Component Object Model
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1185 - technique_id: T1185
technique_name: Man in the Browser technique_name: Man in the Browser
detection: detection:
@ -1045,7 +1026,7 @@ techniques:
- date: 2019-03-01 - date: 2019-03-01
score: 2 score: 2
comment: '' comment: ''
- technique_id: T1551.005 - technique_id: T1070.005
technique_name: Network Share Connection Removal technique_name: Network Share Connection Removal
detection: detection:
applicable_to: [all] applicable_to: [all]
@ -1407,7 +1388,7 @@ techniques:
score: 1 score: 1
comment: '' comment: ''
auto_generated: true auto_generated: true
- technique_id: T1551.006 - technique_id: T1070.006
technique_name: Timestomp technique_name: Timestomp
detection: detection:
applicable_to: [all] applicable_to: [all]
@ -1736,29 +1717,6 @@ techniques:
score: 1 score: 1
comment: '' comment: ''
auto_generated: true auto_generated: true
- technique_id: T1072
technique_name: Software Deployment Tools
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1071 - technique_id: T1071
technique_name: Application Layer Protocol technique_name: Application Layer Protocol
detection: detection:
@ -1776,7 +1734,7 @@ techniques:
- date: 2019-03-01 - date: 2019-03-01
score: 2 score: 2
comment: '' comment: ''
- technique_id: T1551 - technique_id: T1070
technique_name: Indicator Removal on Host technique_name: Indicator Removal on Host
detection: detection:
applicable_to: [all] applicable_to: [all]
@ -1856,44 +1814,26 @@ techniques:
score: 1 score: 1
comment: '' comment: ''
auto_generated: true auto_generated: true
- technique_id: T1059.004 - technique_id: T1571
technique_name: Bash technique_name: Non-Standard Port
detection: detection:
applicable_to: [all] applicable_to: [all]
location: [EDR, AV Product] location:
- Model B
comment: '' comment: ''
score_logbook: score_logbook:
- date: 2018-12-01 - date: 2018-10-01
score: 3 score: 5
comment: '' comment: ''
visibility: visibility:
applicable_to: [all] applicable_to: [all]
comment: '' comment: ''
score_logbook: score_logbook:
- date: 2019-03-01 - date: 2019-03-01
score: 1 score: 3
comment: '' comment: ''
auto_generated: true
- technique_id: T1059.005 - technique_id: T1059.005
technique_name: VBScript technique_name: Visual Basic
detection:
applicable_to: [all]
location: [EDR, AV Product]
comment: ''
score_logbook:
- date: 2018-12-01
score: 3
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1059.006
technique_name: Python
detection: detection:
applicable_to: [all] applicable_to: [all]
location: [EDR, AV Product] location: [EDR, AV Product]
@ -2136,25 +2076,6 @@ techniques:
score: 1 score: 1
comment: '' comment: ''
auto_generated: true auto_generated: true
- technique_id: T1571
technique_name: Non-Standard Port
detection:
applicable_to: [all]
location:
- Model B
comment: ''
score_logbook:
- date: 2018-10-01
score: 5
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 3
comment: ''
auto_generated: true
- technique_id: T1546.001 - technique_id: T1546.001
technique_name: Change Default File Association technique_name: Change Default File Association
detection: detection:
@ -2324,44 +2245,6 @@ techniques:
score: 2 score: 2
comment: '' comment: ''
auto_generated: true auto_generated: true
- technique_id: T1574.008
technique_name: Path Interception by Search Order Hijacking
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1574.009
technique_name: Path Interception by Unquoted Path
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-03-01
score: 2
comment: ''
auto_generated: true
- technique_id: T1033 - technique_id: T1033
technique_name: System Owner/User Discovery technique_name: System Owner/User Discovery
detection: detection:
@ -2382,7 +2265,7 @@ techniques:
comment: '' comment: ''
auto_generated: true auto_generated: true
- technique_id: T1543.003 - technique_id: T1543.003
technique_name: Existing Service technique_name: Windows Service
detection: detection:
applicable_to: [all] applicable_to: [all]
location: location:
@ -2590,6 +2473,29 @@ techniques:
score: 1 score: 1
comment: '' comment: ''
auto_generated: true auto_generated: true
- technique_id: T1072
technique_name: Software Deployment Tools
detection:
applicable_to: [all]
location:
- ''
comment: ''
score_logbook:
- date: null
score: -1
comment: ''
visibility:
applicable_to: [all]
comment: ''
score_logbook:
- date: 2019-07-30
score: 2
comment: 'New data source: Process use of network'
auto_generated: true
- date: 2019-03-01
score: 1
comment: ''
auto_generated: true
- technique_id: T1016 - technique_id: T1016
technique_name: System Network Configuration Discovery technique_name: System Network Configuration Discovery
detection: detection:
@ -2803,7 +2709,7 @@ techniques:
detection: detection:
applicable_to: [all] applicable_to: [all]
location: location:
- Model E - Model D
comment: '' comment: ''
score_logbook: score_logbook:
- date: 2017-10-10 - date: 2017-10-10
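Review bot: In the hunk at -1856,44 +1814,26 the new T1571 entry writes its `location:` in block style (`- Model B`) while the entries around it in the same hunk keep flow style (`location: [EDR, AV Product]`, `applicable_to: [all]`); the file should settle on one sequence style so later diffs stay readable. That hunk also drops the T1059.004 Bash entry (detection score 3, dated 2018-12-01) and the T1059.006 Python entry, and the hunks at -554,25 and -2324,44 remove T1559.001, T1574.008 and T1574.009 outright, so their score_logbook history leaves the file with no trace of why. If these removals and the T1551 → T1070 renumbering at -1045, -1407 and -1776 are an intentional ATT&CK sub-technique migration, a logbook comment such as `comment: 'Renumbered from T1551.005 during sub-technique migration'` on the renumbered entries would keep the old IDs traceable against earlier scoring exports. The section's file header is not visible here, and the other changed file is not shown, so the rest of the change cannot be checked.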