diff --git a/threat-actor-data/20200220-FireEye.yaml b/threat-actor-data/20200220-FireEye.yaml
new file mode 100644
index 0000000..1c31afa
--- /dev/null
+++ b/threat-actor-data/20200220-FireEye.yaml
@@ -0,0 +1,104 @@
+%YAML 1.2
+---
+# Source: https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
+version: 1.0
+file_type: group-administration
+platform:
+ - all
+groups:
+ - group_name: FireEye M-Trends 2020
+ campaign:
+ technique_id:
+ T1040 : 1 # 0.44%
+ T1201 : 1 # 0.44%
+ T1007 : 1 # 0.44%
+ T1124 : 1 # 0.44%
+ T1480 : 1 # 0.44%
+ T1158 : 1 # 0.44%
+ T1093 : 1 # 0.44%
+ T1031 : 1 # 0.44%
+ T1023 : 1 # 0.44%
+ T1081 : 1 # 0.44%
+ T1214 : 1 # 0.44%
+ T1111 : 1 # 0.44%
+ T1491 : 1 # 0.44%
+ T1173 : 1 # 0.44%
+ T1106 : 1 # 0.44%
+ T1170 : 1 # 0.44%
+ T1179 : 1 # 0.44%
+ T1049 : 1 # 0,88%
+ T1497 : 1 # 0,88%
+ T1036 : 1 # 0,88%
+ T1117 : 1 # 0,88%
+ T1096 : 1 # 0,88%
+ T1482 : 1 # 1,32%
+ T1135 : 1 # 1,32%
+ T1140 : 1 # 1,32%
+ T1168 : 1 # 1,32%
+ T1077 : 1 # 1,32%
+ T1490 : 1 # 1,32%
+ T1492 : 1 # 1,32%
+ T1014 : 2 # 1,76%
+ T1094 : 2 # 1,76%
+ T1047 : 2 # 1,76%
+ T1138 : 2 # 1,76%
+ T1055 : 2 # 2,20%
+ T1058 : 2 # 2,20%
+ T1188 : 2 # 2,20%
+ T1219 : 2 # 2,20%
+ T1021 : 2 # 2,20%
+ T1496 : 2 # 2,20%
+ T1083 : 3 # 3,08%
+ T1046 : 3 # 3,08%
+ T1057 : 3 # 3,08%
+ T1016 : 3 # 3,08%
+ T1054 : 3 # 3,08%
+ T1004 : 3 # 3,08%
+ T1015 : 3 # 3,08%
+ T1087 : 4 # 3,52%
+ T1069 : 4 # 3,52%
+ T1034 : 4 # 3,52%
+ T1012 : 4 # 3,96%
+ T1038 : 4 # 3,96%
+ T1073 : 4 # 3,96%
+ T1099 : 4 # 3,96%
+ T1102 : 4 # 3,96%
+ T1022 : 4 # 4,00%
+ T1192 : 4 # 4,41%
+ T1136 : 5 # 4,85%
+ T1486 : 5 # 4,85%
+ T1033 : 5 # 5,29%
+ T1116 : 5 # 5,29%
+ T1090 : 5 # 5,29%
+ T1070 : 5 # 5,29%
+ T1060 : 5 # 5,29%
+ T1110 : 5 # 5,29%
+ T1193 : 5 # 5,29%
+ T1082 : 6 # 5,73%
+ T1089 : 6 # 5,73%
+ T1112 : 7 # 6,61%
+ T1063 : 7 # 7,49%
+ T1199 : 7 # 7,49%
+ T1059 : 8 # 7,93%
+ T1489 : 8 # 8,37%
+ T1045 : 9 # 9,25%
+ T1003 : 9 # 9,25%
+ T1071 : 10 # 10,13%
+ T1098 : 10 # 10,13%
+ T1107 : 11 # 10,57%
+ T1105 : 11 # 10,57%
+ T1053 : 11 # 10,57%
+ T1078 : 11 # 10,57%
+ T1202 : 13 # 12,78%
+ T1002 : 13 # 13,00%
+ T1032 : 14 # 14,10%
+ T1100 : 16 # 15,86%
+ T1190 : 17 # 16,74%
+ T1076 : 19 # 18,94%
+ T1133 : 28 # 28,19%
+ T1035 : 28 # 28,19%
+ T1086 : 29 # 28,63%
+ T1064 : 30 # 30,40%
+ T1027 : 31 # 31,28%
+ software_id: []
+ enabled: True
\ No newline at end of file
diff --git a/threat-actor-data/ATT&CK-Navigator-layers/20200220-FireEye/attack_all_fireeye-m-trends-2020.json b/threat-actor-data/ATT&CK-Navigator-layers/20200220-FireEye/attack_all_fireeye-m-trends-2020.json
new file mode 100644
index 0000000..c353f34
--- /dev/null
+++ b/threat-actor-data/ATT&CK-Navigator-layers/20200220-FireEye/attack_all_fireeye-m-trends-2020.json
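Review bot: The `technique_id` weights in 20200220-FireEye.yaml are explained only by the trailing `# n%` comments, and those comments mix decimal separators: the first seventeen entries use `# 0.44%`, while everything from `# 0,88%` onward uses a comma. The integer appears to be the percentage rounded to the nearest whole number with a floor of 1 (0.44% is scored 1, not 0), but neither that rule nor what the percentage measures is stated in the file. Anyone using these weights to rank detection coverage cannot re-derive them, since the `# Source:` link is a report landing page rather than a table. I would add a header comment under the source line, for example `# weight = round(<what the percentage measures> in %), minimum 1`, and normalise the separators to `.`. The IDs are also not tied to an ATT&CK release, so a line such as `# ATT&CK version: <version used for the mapping>` would help anyone loading this data against a later matrix.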
@@ -0,0 +1,98 @@ +{"name": "Attack - all", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): all | group(s): FireEye M-Trends 2020 | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS", "AWS", "GCP", "Azure", "Azure AD", "Office 365", "SaaS"]}, +"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1491", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1124", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1093", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1214", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1135", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1199", "score": 7, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1136", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1063", "score": 7, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1193", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1489", "score": 8, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1014", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1168", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1094", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1055", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1106", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye 
M-Trends 2020"}]}, +{"techniqueID": "T1059", "score": 8, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1049", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1480", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1032", "score": 14, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1007", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1100", "score": 16, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1099", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1058", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1057", "score": 3, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1202", "score": 13, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1023", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1086", "score": 29, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1054", "score": 3, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1112", "score": 7, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1083", "score": 3, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1047", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1078", "score": 11, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1002", "score": 13, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1076", 
"score": 19, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1015", "score": 3, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1090", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1089", "score": 6, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1022", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1116", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1496", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1071", "score": 10, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1170", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1111", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1004", "score": 3, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1081", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1192", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1133", "score": 28, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1035", "score": 28, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1482", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1077", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1117", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1138", "score": 2, "metadata": [{"name": "-Groups", 
"value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1040", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1021", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1045", "score": 9, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1046", "score": 3, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1053", "score": 11, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1158", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1027", "score": 31, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1492", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1173", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1201", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1069", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1003", "score": 9, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1490", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1073", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1033", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1087", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1036", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1110", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": 
"T1016", "score": 3, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1096", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1070", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1190", "score": 17, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1497", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1107", "score": 11, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1140", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1486", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1060", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1105", "score": 11, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1038", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1012", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1082", "score": 6, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1098", "score": 10, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1102", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1034", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1064", "score": 30, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1031", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1179", "score": 1, "metadata": [{"name": 
"-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1188", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}, +{"techniqueID": "T1219", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 31}, +"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"}, +{"label": "Tech. used frequently", "color": "#ff0000"}, +{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"}, +{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"}, +{"label": "Src. of tech. is only software", "color": "#0d47a1 "}, +{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]} \ No newline at end of file