From 516472b7eec6541c6c7de6a14903e83db09fe66e Mon Sep 17 00:00:00 2001 
From: Marcus Bakker Date: Tue, 7 Apr 2020 15:03:48 +0200 Subject: [PATCH] Added intel from CrowdStrike, Red Canary and Recorded Future --- threat-actor-data/20200306-CrowdStrike.yaml | 158 +++++++++++++++ threat-actor-data/20200318-RedCanary.yaml | 180 ++++++++++++++++++ .../20200331-RecordedFuture.yaml | 26 +++ ...crowdstrike-global-threat-report-2020.json | 150 +++++++++++++++ ...eat-detection-report-2020-(education).json | 27 +++ ...threat-detection-report-2020-(energy).json | 27 +++ ...hreat-detection-report-2020-(finance).json | 27 +++ ...at-detection-report-2020-(healthcare).json | 27 +++ ...detection-report-2020-(manufacturing).json | 27 +++ ...hreat-detection-report-2020-(overall).json | 47 +++++ ...threat-detection-report-2020-(retail).json | 27 +++ ...reat-detection-report-2020-(services).json | 27 +++ ...at-detection-report-2020-(technology).json | 27 +++ ...etection-report-2020-(transportation).json | 27 +++ ...uture-ttp-annual-report-2019-(top-10).json | 27 +++ 15 files changed, 831 insertions(+) create mode 100644 threat-actor-data/20200306-CrowdStrike.yaml create mode 100644 threat-actor-data/20200318-RedCanary.yaml create mode 100644 threat-actor-data/20200331-RecordedFuture.yaml create mode 100644 threat-actor-data/ATT&CK-Navigator-layers/20200306-CrowdStrike/attack_windows-linux-macos_crowdstrike-global-threat-report-2020.json create mode 100644 threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(education).json create mode 100644 threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(energy).json create mode 100644 threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(finance).json create mode 100644 
threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(healthcare).json
create mode 100644 threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(manufacturing).json
create mode 100644 threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(overall).json
create mode 100644 threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(retail).json
create mode 100644 threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(services).json
create mode 100644 threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(technology).json
create mode 100644 threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(transportation).json
create mode 100644 threat-actor-data/ATT&CK-Navigator-layers/20200331-RecordedFuture/attack_windows-linux-macos_recorded-future-ttp-annual-report-2019-(top-10).json
diff --git a/threat-actor-data/20200306-CrowdStrike.yaml b/threat-actor-data/20200306-CrowdStrike.yaml
new file mode 100644
index 0000000..e09a691
--- /dev/null
+++ b/threat-actor-data/20200306-CrowdStrike.yaml
@@ -0,0 +1,158 @@
+%YAML 1.2
+---
+# Source: https://www.crowdstrike.com/resources/reports/2020-crowdstrike-global-threat-report/
+version: 1.0
+file_type: group-administration
+platform:
+ - Windows
+ - Linux
+ - macOS
+groups:
+ - group_name: CrowdStrike Global Threat Report 2020
+ campaign:
+ technique_id:
+ T1059 : 70
+ T1078 : 65
+ T1064 : 56
+ T1016 : 54
+ T1105 : 53
+ T1003 : 52
+ T1086 : 52
+ T1033 : 51
+ T1087 : 50
+ T1076 : 48
+ T1082 : 48
+ T1049 : 46
+ T1018 : 45
+ T1057 : 43
+ T1083 : 42
+ T1089 : 40
+ T1047 : 39
+ T1043 : 37
+ T1027 : 34
+ T1100 : 33
+ T1486 : 32
+ T1036 : 31
+ T1112 : 31
+ T1085 : 31
+ T1136 : 28
+ T1070 : 27
+ T1190 : 26
+ T1046 : 26
+ T1135 : 26
+ T1061 : 23
+ T1107 : 22
+ T1077 : 22
+ T1110 : 21
+ T1005 : 21
+ T1069 : 21
+ T1065 : 19
+ T1053 : 17
+ T1035 : 17
+ T1490 : 16
+ T1050 : 16
+ T1081 : 15
+ T1002 : 15
+ T1098 : 14
+ T1074 : 14
+ T1482 : 14
+ T1055 : 14
+ T1012 : 13
+ T1071 : 13
+ T1140 : 12
+ T1031 : 12
+ T1060 : 12
+ T1021 : 12
+ T1007 : 12
+ T1015 : 11
+ T1041 : 11
+ T1222 : 11
+ T1219 : 11
+ T1489 : 11
+ T1124 : 11
+ T1090 : 10
+ T1073 : 10
+ T1117 : 10
+ T1496 : 10
+ T1193 : 10
+ T1119 : 9
+ T1183 : 9
+ T1170 : 9
+ T1108 : 9
+ T1139 : 8
+ T1039 : 8
+ T1063 : 8
+ T1088 : 7
+ T1146 : 7
+ T1214 : 7
+ T1213 : 7
+ T1001 : 7
+ T1048 : 7
+ T1068 : 7
+ T1133 : 7
+ T1032 : 7
+ T1099 : 7
+ T1102 : 7
+ T1084 : 6
+ T1134 : 6
+ T1197 : 6
+ T1116 : 6
+ T1094 : 6
+ T1024 : 6
+ T1132 : 6
+ T1038 : 6
+ T1203 : 6
+ T1158 : 6
+ T1056 : 6
+ T1168 : 6
+ T1126 : 6
+ T1145 : 6
+ T1093 : 6
+ T1091 : 6
+ T1166 : 6
+ T1192 : 6
+ T1095 : 6
+ T1169 : 6
+ T1529 : 6
+ T1199 : 6
+ T1028 : 6
+ T1103 : 5
+ T1020 : 5
+ T1176 : 5
+ T1115 : 5
+ T1191 : 5
+ T1500 : 5
+ T1196 : 5
+ T1022 : 5
+ T1114 : 5
+ T1106 : 5
+ T1212 : 5
+ T1200 : 5
+ T1147 : 5
+ T1143 : 5
+ T1148 : 5
+ T1066 : 5
+ T1118 : 5
+ T1208 : 5
+ T1215 : 5
+ T1159 : 5
+ T1037 : 5
+ T1026 : 5
+ T1079 : 5
+ T1040 : 5
+ T1201 : 5
+ T1120 : 5
+ T1014 : 5
+ T1494 : 5
+ T1113 : 5
+ T1058 : 5
+ T1518 : 5
+ T1045 : 5
+ T1165 : 5
+ T1072 : 5
+ T1127 : 5
+ T1111 : 5
+ T1204 : 5
+ T1220 : 5
+ software_id: []
+ enabled: True
\ No newline at end of file
diff --git a/threat-actor-data/20200318-RedCanary.yaml b/threat-actor-data/20200318-RedCanary.yaml
new file mode 100644
index 0000000..d85a7cb
--- /dev/null
+++ b/threat-actor-data/20200318-RedCanary.yaml
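Review bot: The scores under `technique_id:` in 20200306-CrowdStrike.yaml (70 down to 5) carry no comment saying what they measure, and the same holds for the Red Canary file's hunk; only the Recorded Future file documents its unit (`# confirmed malicious sandbox submissions`). These numbers become the `score` values and the `gradient` range in the generated Navigator layers, so someone using the heat map to prioritise detections cannot tell whether 70 is a percentage, a rank or a count, and the Recorded Future values (13603 to 22961) are evidently on a different scale. I would add a comment directly above each `technique_id:` naming the metric as the source report defines it, for example `# score: <metric and unit as stated in the report>`, and state that scores are not comparable across source files.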
@@ -0,0 +1,180 @@
+%YAML 1.2
+---
+# Source: https://redcanary.com/threat-detection-report/introduction/
+version: 1.0
+file_type: group-administration
+platform:
+ - Windows
+ - Linux
+ - macOS
+groups:
+ -
+ group_name: Red Canary Threat Detection Report 2020
+ campaign: Overall
+ technique_id:
+ T1055 : 17
+ T1053 : 13
+ T1077 : 13
+ T1086 : 12
+ T1105 : 9
+ T1036 : 7
+ T1064 : 5
+ T1038 : 5
+ T1482 : 5
+ T1089 : 5
+ T1003 : 5
+ T1035 : 4
+ T1047 : 4
+ T1085 : 3
+ T1140 : 2
+ T1093 : 2
+ T1015 : 2
+ T1168 : 2
+ T1170 : 2
+ T1193 : 2
+ software_id: []
+ enabled: True
+ -
+ group_name: Red Canary Threat Detection Report 2020
+ campaign: Education
+ technique_id:
+ T1053 : 35
+ T1077 : 33
+ T1055 : 16
+ T1064 : 13
+ T1089 : 13
+ T1035 : 5
+ T1047 : 3
+ T1086 : 3
+ T1036 : 3
+ T1038 : 2
+ software_id: []
+ enabled: False
+ -
+ group_name: Red Canary Threat Detection Report 2020
+ campaign: Energy
+ technique_id:
+ T1086 : 42
+ T1064 : 15
+ T1003 : 15
+ T1089 : 8
+ T1140 : 8
+ T1193 : 6
+ T1059 : 5
+ T1004 : 5
+ T1015 : 5
+ T1105 : 5
+ software_id: []
+ enabled: False
+ -
+ group_name: Red Canary Threat Detection Report 2020
+ campaign: Finance
+ technique_id:
+ T1086 : 28
+ T1077 : 20
+ T1003 : 50
+ T1064 : 13
+ T1055 : 10
+ T1047 : 9
+ T1193 : 8
+ T1035 : 7
+ T1105 : 7
+ T1170 : 7
+ software_id: []
+ enabled: False
+ -
+ group_name: Red Canary Threat Detection Report 2020
+ campaign: Healthcare
+ technique_id:
+ T1055 : 54
+ T1053 : 45
+ T1077 : 25
+ T1089 : 22
+ T1482 : 22
+ T1105 : 20
+ T1086 : 15
+ T1003 : 4
+ T1047 : 4
+ T1064 : 3
+ software_id: []
+ enabled: False
+ -
+ group_name: Red Canary Threat Detection Report 2020
+ campaign: Transportation
+ technique_id:
+ T1053 : 49
+ T1055 : 43
+ T1086 : 35
+ T1064 : 30
+ T1170 : 21
+ T1003 : 6
+ T1035 : 6
+ T1047 : 4
+ T1140 : 2
+ T1193 : 2
+ software_id: []
+ enabled: False
+ -
+ group_name: Red Canary Threat Detection Report 2020
+ campaign: Manufacturing
+ technique_id:
+ T1055 : 23
+ T1053 : 21
+ T1077 : 19
+ T1086 : 15
+ T1135 : 12
+ T1089 : 9
+ T1105 : 9
+ T1064 : 7
+ T1003 : 8
+ T1036 : 8
+ software_id: []
+ enabled: False
+ -
+ group_name: Red Canary Threat Detection Report 2020
+ campaign: Retail
+ technique_id:
+ T1086 : 44
+ T1055 : 23
+ T1003 : 16
+ T1053 : 13
+ T1193 : 10
+ T1064 : 9
+ T1070 : 8
+ T1047 : 7
+ T1090 : 7
+ T1088 : 5
+ software_id: []
+ enabled: False
+ -
+ group_name: Red Canary Threat Detection Report 2020
+ campaign: Services
+ technique_id:
+ T1086 : 23
+ T1003 : 19
+ T1064 : 14
+ T1036 : 12
+ T1055 : 8
+ T1105 : 7
+ T1047 : 7
+ T1193 : 7
+ T1060 : 6
+ T1035 : 6
+ software_id: []
+ enabled: False
+ -
+ group_name: Red Canary Threat Detection Report 2020
+ campaign: Technology
+ technique_id:
+ T1055 : 28
+ T1086 : 19
+ T1105 : 18
+ T1077 : 18
+ T1036 : 17
+ T1038 : 15
+ T1053 : 14
+ T1035 : 10
+ T1003 : 9
+ T1482 : 8
+ software_id: []
+ enabled: False
\ No newline at end of file
diff --git a/threat-actor-data/20200331-RecordedFuture.yaml b/threat-actor-data/20200331-RecordedFuture.yaml
new file mode 100644
index 0000000..ae1de59
--- /dev/null
+++ b/threat-actor-data/20200331-RecordedFuture.yaml
@@ -0,0 +1,26 @@
+%YAML 1.2
+---
+# Source: https://go.recordedfuture.com/hubfs/reports/cta-2020-0331.pdf
+version: 1.0
+file_type: group-administration
+platform:
+ - Windows
+ - Linux
+ - macOS
+groups:
+ - group_name: Recorded Future TTP Annual Report 2019
+ campaign: Top 10
+ # confirmed malicious sandbox submissions
+ technique_id:
+ T1063 : 22961
+ T1027 : 21992
+ T1055 : 19703
+ T1082 : 18842
+ T1057 : 17526
+ T1045 : 16341
+ T1073 : 16236
+ T1022 : 14005
+ T1106 : 13805
+ T1032 : 13603
+ software_id: []
+ enabled: True
\ No newline at end of file
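Review bot: In 20200318-RedCanary.yaml the Finance campaign has `T1003 : 50` sitting between `T1077 : 20` and `T1064 : 13`, although the other campaign blocks list their entries in descending score order, so this value looks like a transcription error and should be checked against the source report. The Manufacturing block shows a smaller anomaly of the same kind, with `T1064 : 7` listed before `T1003 : 8` and `T1036 : 8`. The visible generated layers set the gradient `maxValue` to the highest score in the group, so a wrong 50 would presumably also stretch the colour scale of the finance layer and understate every other technique for that sector. The finance layer's own hunk lies outside this view, so the generated value could not be compared here.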
diff --git a/threat-actor-data/ATT&CK-Navigator-layers/20200306-CrowdStrike/attack_windows-linux-macos_crowdstrike-global-threat-report-2020.json b/threat-actor-data/ATT&CK-Navigator-layers/20200306-CrowdStrike/attack_windows-linux-macos_crowdstrike-global-threat-report-2020.json
new file mode 100644
index 0000000..415208f
--- /dev/null
+++ b/threat-actor-data/ATT&CK-Navigator-layers/20200306-CrowdStrike/attack_windows-linux-macos_crowdstrike-global-threat-report-2020.json
@@ -0,0 +1,150 @@ +{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): CrowdStrike Global Threat Report 2020 | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]}, +"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1193", "score": 10, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1143", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1082", "score": 48, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1045", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1136", "score": 28, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1083", "score": 42, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1053", "score": 17, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1146", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1001", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1098", "score": 14, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1215", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1494", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1048", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 
2020"}]}, +{"techniqueID": "T1022", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1169", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1076", "score": 48, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1486", "score": 32, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1490", "score": 16, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1077", "score": 22, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1500", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1035", "score": 17, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1219", "score": 11, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1496", "score": 10, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1114", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1091", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1117", "score": 10, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1222", "score": 11, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1032", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1529", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 
2020"}]}, +{"techniqueID": "T1482", "score": 14, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1063", "score": 8, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1055", "score": 14, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1040", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1135", "score": 26, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1201", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1176", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1192", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1028", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1037", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1089", "score": 40, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1070", "score": 27, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1065", "score": 19, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1208", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1007", "score": 12, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1090", "score": 10, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 
2020"}]}, +{"techniqueID": "T1120", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1518", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1105", "score": 53, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1199", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1087", "score": 50, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1026", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1041", "score": 11, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1027", "score": 34, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1212", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1118", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1086", "score": 52, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1214", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1043", "score": 37, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1140", "score": 12, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1031", "score": 12, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1068", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 
2020"}]}, +{"techniqueID": "T1103", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1072", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1197", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1020", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1071", "score": 13, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1166", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1113", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1066", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1147", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1165", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1190", "score": 26, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1127", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1115", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1093", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1039", "score": 8, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1133", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, 
+{"techniqueID": "T1079", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1196", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1119", "score": 9, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1033", "score": 51, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1038", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1204", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1059", "score": 70, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1116", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1014", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1050", "score": 16, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1069", "score": 21, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1124", "score": 11, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1191", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1078", "score": 65, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1036", "score": 31, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1085", "score": 31, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, 
+{"techniqueID": "T1111", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1112", "score": 31, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1159", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1100", "score": 33, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1024", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1132", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1102", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1060", "score": 12, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1012", "score": 13, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1058", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1073", "score": 10, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1021", "score": 12, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1145", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1064", "score": 56, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1220", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1074", "score": 14, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, 
+{"techniqueID": "T1203", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1108", "score": 9, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1200", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1107", "score": 22, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1049", "score": 46, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1018", "score": 45, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1005", "score": 21, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1170", "score": 9, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1213", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1095", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1088", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1183", "score": 9, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1099", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1047", "score": 39, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1489", "score": 11, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1168", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, 
+{"techniqueID": "T1134", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1106", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1046", "score": 26, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1139", "score": 8, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1158", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1094", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1126", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1057", "score": 43, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1056", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1016", "score": 54, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1003", "score": 52, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1110", "score": 21, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1002", "score": 15, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1015", "score": 11, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1084", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1061", "score": 23, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, 
+{"techniqueID": "T1081", "score": 15, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}, +{"techniqueID": "T1148", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 70}, +"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"}, +{"label": "Tech. used frequently", "color": "#ff0000"}, +{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"}, +{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"}, +{"label": "Src. of tech. is only software", "color": "#0d47a1 "}, +{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]} \ No newline at end of file diff --git a/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(education).json b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(education).json new file mode 100644 index 0000000..ce96468 --- /dev/null +++ b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(education).json 
@@ -0,0 +1,27 @@ +{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Education) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]}, +"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1047", "score": 3, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Education"}]}, +{"techniqueID": "T1038", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Education"}]}, +{"techniqueID": "T1089", "score": 13, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Education"}]}, +{"techniqueID": "T1035", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Education"}]}, +{"techniqueID": "T1086", "score": 3, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Education"}]}, +{"techniqueID": "T1055", "score": 16, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Education"}]}, +{"techniqueID": "T1064", "score": 13, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Education"}]}, +{"techniqueID": "T1077", "score": 33, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Education"}]}, +{"techniqueID": "T1036", "score": 3, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Education"}]}, +{"techniqueID": "T1053", "score": 35, 
"metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Education"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 35}, +"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"}, +{"label": "Tech. used frequently", "color": "#ff0000"}, +{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"}, +{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"}, +{"label": "Src. of tech. is only software", "color": "#0d47a1 "}, +{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]} \ No newline at end of file diff --git a/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(energy).json b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(energy).json new file mode 100644 index 0000000..8de7c9c --- /dev/null +++ b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(energy).json 
@@ -0,0 +1,27 @@ +{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Energy) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]}, +"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1004", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Energy"}]}, +{"techniqueID": "T1193", "score": 6, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Energy"}]}, +{"techniqueID": "T1003", "score": 15, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Energy"}]}, +{"techniqueID": "T1064", "score": 15, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Energy"}]}, +{"techniqueID": "T1015", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Energy"}]}, +{"techniqueID": "T1059", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Energy"}]}, +{"techniqueID": "T1105", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Energy"}]}, +{"techniqueID": "T1086", "score": 42, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Energy"}]}, +{"techniqueID": "T1140", "score": 8, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Energy"}]}, +{"techniqueID": "T1089", "score": 8, "metadata": [{"name": "-Groups", 
"value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Energy"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 42}, +"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"}, +{"label": "Tech. used frequently", "color": "#ff0000"}, +{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"}, +{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"}, +{"label": "Src. of tech. is only software", "color": "#0d47a1 "}, +{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]} \ No newline at end of file diff --git a/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(finance).json b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(finance).json new file mode 100644 index 0000000..f64b577 --- /dev/null +++ b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(finance).json 
@@ -0,0 +1,27 @@ +{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Finance) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]}, +"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1047", "score": 9, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Finance"}]}, +{"techniqueID": "T1193", "score": 8, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Finance"}]}, +{"techniqueID": "T1035", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Finance"}]}, +{"techniqueID": "T1105", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Finance"}]}, +{"techniqueID": "T1170", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Finance"}]}, +{"techniqueID": "T1086", "score": 28, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Finance"}]}, +{"techniqueID": "T1077", "score": 20, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Finance"}]}, +{"techniqueID": "T1064", "score": 13, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Finance"}]}, +{"techniqueID": "T1003", "score": 50, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Finance"}]}, +{"techniqueID": "T1055", "score": 10, "metadata": [{"name": 
"-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Finance"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 50}, +"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"}, +{"label": "Tech. used frequently", "color": "#ff0000"}, +{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"}, +{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"}, +{"label": "Src. of tech. is only software", "color": "#0d47a1 "}, +{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]} \ No newline at end of file diff --git a/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(healthcare).json b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(healthcare).json new file mode 100644 index 0000000..0cc4b2a --- /dev/null +++ b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(healthcare).json 
@@ -0,0 +1,27 @@ +{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Healthcare) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]}, +"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1047", "score": 4, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Healthcare"}]}, +{"techniqueID": "T1003", "score": 4, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Healthcare"}]}, +{"techniqueID": "T1077", "score": 25, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Healthcare"}]}, +{"techniqueID": "T1053", "score": 45, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Healthcare"}]}, +{"techniqueID": "T1482", "score": 22, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Healthcare"}]}, +{"techniqueID": "T1055", "score": 54, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Healthcare"}]}, +{"techniqueID": "T1105", "score": 20, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Healthcare"}]}, +{"techniqueID": "T1086", "score": 15, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Healthcare"}]}, +{"techniqueID": "T1064", "score": 3, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Healthcare"}]}, +{"techniqueID": "T1089", 
"score": 22, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Healthcare"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 54}, +"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"}, +{"label": "Tech. used frequently", "color": "#ff0000"}, +{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"}, +{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"}, +{"label": "Src. of tech. is only software", "color": "#0d47a1 "}, +{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]} \ No newline at end of file diff --git a/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(manufacturing).json b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(manufacturing).json new file mode 100644 index 0000000..c2a17ec --- /dev/null +++ b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(manufacturing).json 
@@ -0,0 +1,27 @@ +{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Manufacturing) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]}, +"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1086", "score": 15, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Manufacturing"}]}, +{"techniqueID": "T1003", "score": 8, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Manufacturing"}]}, +{"techniqueID": "T1036", "score": 8, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Manufacturing"}]}, +{"techniqueID": "T1077", "score": 19, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Manufacturing"}]}, +{"techniqueID": "T1135", "score": 12, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Manufacturing"}]}, +{"techniqueID": "T1053", "score": 21, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Manufacturing"}]}, +{"techniqueID": "T1064", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Manufacturing"}]}, +{"techniqueID": "T1055", "score": 23, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Manufacturing"}]}, +{"techniqueID": "T1089", "score": 9, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Manufacturing"}]}, 
+{"techniqueID": "T1105", "score": 9, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Manufacturing"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 23}, +"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"}, +{"label": "Tech. used frequently", "color": "#ff0000"}, +{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"}, +{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"}, +{"label": "Src. of tech. is only software", "color": "#0d47a1 "}, +{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]} \ No newline at end of file diff --git a/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(overall).json b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(overall).json new file mode 100644 index 0000000..ad0852c --- /dev/null +++ b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(overall).json 
@@ -0,0 +1,47 @@ +{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Overall) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]}, +"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1003", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1193", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1482", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1140", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1055", "score": 17, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1168", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1053", "score": 13, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1170", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1047", "score": 4, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1077", "score": 13, "metadata": [{"name": 
"-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1086", "score": 12, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1015", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1105", "score": 9, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1036", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1085", "score": 3, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1038", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1035", "score": 4, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1093", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1064", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}, +{"techniqueID": "T1089", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Overall"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 17}, 
+"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"}, +{"label": "Tech. used frequently", "color": "#ff0000"}, +{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"}, +{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"}, +{"label": "Src. of tech. is only software", "color": "#0d47a1 "}, +{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]} \ No newline at end of file diff --git a/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(retail).json b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(retail).json new file mode 100644 index 0000000..4e6df04 --- /dev/null +++ b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(retail).json 
@@ -0,0 +1,27 @@ +{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Retail) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]}, +"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1064", "score": 9, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Retail"}]}, +{"techniqueID": "T1055", "score": 23, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Retail"}]}, +{"techniqueID": "T1090", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Retail"}]}, +{"techniqueID": "T1053", "score": 13, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Retail"}]}, +{"techniqueID": "T1047", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Retail"}]}, +{"techniqueID": "T1088", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Retail"}]}, +{"techniqueID": "T1086", "score": 44, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Retail"}]}, +{"techniqueID": "T1070", "score": 8, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Retail"}]}, +{"techniqueID": "T1193", "score": 10, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Retail"}]}, +{"techniqueID": "T1003", "score": 16, "metadata": [{"name": "-Groups", 
"value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Retail"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 44}, +"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"}, +{"label": "Tech. used frequently", "color": "#ff0000"}, +{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"}, +{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"}, +{"label": "Src. of tech. is only software", "color": "#0d47a1 "}, +{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]} \ No newline at end of file diff --git a/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(services).json b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(services).json new file mode 100644 index 0000000..fbc2641 --- /dev/null +++ b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(services).json 
@@ -0,0 +1,27 @@ +{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Services) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]}, +"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1047", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Services"}]}, +{"techniqueID": "T1055", "score": 8, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Services"}]}, +{"techniqueID": "T1105", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Services"}]}, +{"techniqueID": "T1064", "score": 14, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Services"}]}, +{"techniqueID": "T1003", "score": 19, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Services"}]}, +{"techniqueID": "T1036", "score": 12, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Services"}]}, +{"techniqueID": "T1035", "score": 6, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Services"}]}, +{"techniqueID": "T1086", "score": 23, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Services"}]}, +{"techniqueID": "T1060", "score": 6, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Services"}]}, +{"techniqueID": "T1193", "score": 7, "metadata": 
[{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Services"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 23}, +"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"}, +{"label": "Tech. used frequently", "color": "#ff0000"}, +{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"}, +{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"}, +{"label": "Src. of tech. is only software", "color": "#0d47a1 "}, +{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]} \ No newline at end of file diff --git a/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(technology).json b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(technology).json new file mode 100644 index 0000000..6e6dede --- /dev/null +++ b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(technology).json 
@@ -0,0 +1,27 @@ +{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Technology) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]}, +"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1105", "score": 18, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Technology"}]}, +{"techniqueID": "T1086", "score": 19, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Technology"}]}, +{"techniqueID": "T1053", "score": 14, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Technology"}]}, +{"techniqueID": "T1036", "score": 17, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Technology"}]}, +{"techniqueID": "T1003", "score": 9, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Technology"}]}, +{"techniqueID": "T1077", "score": 18, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Technology"}]}, +{"techniqueID": "T1035", "score": 10, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Technology"}]}, +{"techniqueID": "T1482", "score": 8, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Technology"}]}, +{"techniqueID": "T1055", "score": 28, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Technology"}]}, +{"techniqueID": "T1038", 
"score": 15, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Technology"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 28}, +"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"}, +{"label": "Tech. used frequently", "color": "#ff0000"}, +{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"}, +{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"}, +{"label": "Src. of tech. is only software", "color": "#0d47a1 "}, +{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]} \ No newline at end of file diff --git a/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(transportation).json b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(transportation).json new file mode 100644 index 0000000..e904e27 --- /dev/null +++ b/threat-actor-data/ATT&CK-Navigator-layers/20200318-RedCanary/attack_windows-linux-macos_red-canary-threat-detection-report-2020-(transportation).json 
@@ -0,0 +1,27 @@ +{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Transportation) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]}, +"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1035", "score": 6, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Transportation"}]}, +{"techniqueID": "T1003", "score": 6, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Transportation"}]}, +{"techniqueID": "T1053", "score": 49, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Transportation"}]}, +{"techniqueID": "T1047", "score": 4, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Transportation"}]}, +{"techniqueID": "T1055", "score": 43, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Transportation"}]}, +{"techniqueID": "T1140", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Transportation"}]}, +{"techniqueID": "T1170", "score": 21, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Transportation"}]}, +{"techniqueID": "T1086", "score": 35, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Transportation"}]}, +{"techniqueID": "T1193", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": 
"Transportation"}]}, +{"techniqueID": "T1064", "score": 30, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"}, +{"name": "-Campaign", "value": "Transportation"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 49}, +"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"}, +{"label": "Tech. used frequently", "color": "#ff0000"}, +{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"}, +{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"}, +{"label": "Src. of tech. is only software", "color": "#0d47a1 "}, +{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]} \ No newline at end of file diff --git a/threat-actor-data/ATT&CK-Navigator-layers/20200331-RecordedFuture/attack_windows-linux-macos_recorded-future-ttp-annual-report-2019-(top-10).json b/threat-actor-data/ATT&CK-Navigator-layers/20200331-RecordedFuture/attack_windows-linux-macos_recorded-future-ttp-annual-report-2019-(top-10).json new file mode 100644 index 0000000..e50f8ca --- /dev/null +++ b/threat-actor-data/ATT&CK-Navigator-layers/20200331-RecordedFuture/attack_windows-linux-macos_recorded-future-ttp-annual-report-2019-(top-10).json 
@@ -0,0 +1,27 @@
+{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Recorded Future TTP Annual Report 2019 (Top 10) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]},
+"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1073", "score": 16236, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
+{"name": "-Campaign", "value": "Top 10"}]},
+{"techniqueID": "T1032", "score": 13603, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
+{"name": "-Campaign", "value": "Top 10"}]},
+{"techniqueID": "T1055", "score": 19703, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
+{"name": "-Campaign", "value": "Top 10"}]},
+{"techniqueID": "T1063", "score": 22961, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
+{"name": "-Campaign", "value": "Top 10"}]},
+{"techniqueID": "T1022", "score": 14005, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
+{"name": "-Campaign", "value": "Top 10"}]},
+{"techniqueID": "T1106", "score": 13805, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
+{"name": "-Campaign", "value": "Top 10"}]},
+{"techniqueID": "T1045", "score": 16341, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
+{"name": "-Campaign", "value": "Top 10"}]},
+{"techniqueID": "T1027", "score": 21992, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
+{"name": "-Campaign", "value": "Top 10"}]},
+{"techniqueID": "T1082", "score": 18842, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
+{"name": "-Campaign", "value": "Top 10"}]},
+{"techniqueID": "T1057", "score": 17526, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
+{"name": "-Campaign", "value": "Top 10"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 22961},
+"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"},
+{"label": "Tech. used frequently", "color": "#ff0000"},
+{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"},
+{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"},
+{"label": "Src. of tech. is only software", "color": "#0d47a1 "},
+{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]}
\ No newline at end of file
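Review bot: Nothing in the Recorded Future Top 10 layer says what `score` measures: the values run from 13603 to 22961 and `gradient.maxValue` is pinned to 22961, whereas the Red Canary Transportation layer in the preceding hunk tops out at 49. Scores on such different scales cannot be compared or summed when the layers are viewed together, so any prioritisation drawn from a merged view would likely be dominated by this source. The `description` string is the natural place to record the unit, for example by appending `| score: <unit as defined in the source report>`. The layer also records only its format `version`, not the ATT&CK release the ten technique IDs were taken from, which a reader needs in order to map them onto a later matrix.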