Added intel from CrowdStrike, Red Canary and Recorded Future

master
Marcus Bakker 2020-04-07 15:03:48 +02:00
parent ada59bb338
commit 516472b7ee
15 changed files with 831 additions and 0 deletions


@ -0,0 +1,158 @@
%YAML 1.2
---
# Source: https://www.crowdstrike.com/resources/reports/2020-crowdstrike-global-threat-report/
version: 1.0
file_type: group-administration
platform:
- Windows
- Linux
- macOS
groups:
- group_name: CrowdStrike Global Threat Report 2020
campaign:
technique_id:
T1059 : 70
T1078 : 65
T1064 : 56
T1016 : 54
T1105 : 53
T1003 : 52
T1086 : 52
T1033 : 51
T1087 : 50
T1076 : 48
T1082 : 48
T1049 : 46
T1018 : 45
T1057 : 43
T1083 : 42
T1089 : 40
T1047 : 39
T1043 : 37
T1027 : 34
T1100 : 33
T1486 : 32
T1036 : 31
T1112 : 31
T1085 : 31
T1136 : 28
T1070 : 27
T1190 : 26
T1046 : 26
T1135 : 26
T1061 : 23
T1107 : 22
T1077 : 22
T1110 : 21
T1005 : 21
T1069 : 21
T1065 : 19
T1053 : 17
T1035 : 17
T1490 : 16
T1050 : 16
T1081 : 15
T1002 : 15
T1098 : 14
T1074 : 14
T1482 : 14
T1055 : 14
T1012 : 13
T1071 : 13
T1140 : 12
T1031 : 12
T1060 : 12
T1021 : 12
T1007 : 12
T1015 : 11
T1041 : 11
T1222 : 11
T1219 : 11
T1489 : 11
T1124 : 11
T1090 : 10
T1073 : 10
T1117 : 10
T1496 : 10
T1193 : 10
T1119 : 9
T1183 : 9
T1170 : 9
T1108 : 9
T1139 : 8
T1039 : 8
T1063 : 8
T1088 : 7
T1146 : 7
T1214 : 7
T1213 : 7
T1001 : 7
T1048 : 7
T1068 : 7
T1133 : 7
T1032 : 7
T1099 : 7
T1102 : 7
T1084 : 6
T1134 : 6
T1197 : 6
T1116 : 6
T1094 : 6
T1024 : 6
T1132 : 6
T1038 : 6
T1203 : 6
T1158 : 6
T1056 : 6
T1168 : 6
T1126 : 6
T1145 : 6
T1093 : 6
T1091 : 6
T1166 : 6
T1192 : 6
T1095 : 6
T1169 : 6
T1529 : 6
T1199 : 6
T1028 : 6
T1103 : 5
T1020 : 5
T1176 : 5
T1115 : 5
T1191 : 5
T1500 : 5
T1196 : 5
T1022 : 5
T1114 : 5
T1106 : 5
T1212 : 5
T1200 : 5
T1147 : 5
T1143 : 5
T1148 : 5
T1066 : 5
T1118 : 5
T1208 : 5
T1215 : 5
T1159 : 5
T1037 : 5
T1026 : 5
T1079 : 5
T1040 : 5
T1201 : 5
T1120 : 5
T1014 : 5
T1494 : 5
T1113 : 5
T1058 : 5
T1518 : 5
T1045 : 5
T1165 : 5
T1072 : 5
T1127 : 5
T1111 : 5
T1204 : 5
T1220 : 5
software_id: []
enabled: True
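Review bot: The `technique_id` weights in this file, and in the Red Canary file that follows, never say what the number measures, so a reader cannot tell a percentage from a raw count. The Recorded Future file does this with its `# confirmed malicious sandbox submissions` line. I would add a comment directly above `technique_id:`, for example `# weight = <metric as defined in the source report>`, and note the ATT&CK release the IDs were taken from next to the `# Source:` line, since technique IDs can be deprecated or renumbered between releases. `campaign:` is also left as a bare key, which parses as null; writing the intended value explicitly (`campaign: null` or a name) would remove the ambiguity, assuming the consuming tool accepts it.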


@ -0,0 +1,180 @@
%YAML 1.2
---
# Source: https://redcanary.com/threat-detection-report/introduction/
version: 1.0
file_type: group-administration
platform:
- Windows
- Linux
- macOS
groups:
-
group_name: Red Canary Threat Detection Report 2020
campaign: Overall
technique_id:
T1055 : 17
T1053 : 13
T1077 : 13
T1086 : 12
T1105 : 9
T1036 : 7
T1064 : 5
T1038 : 5
T1482 : 5
T1089 : 5
T1003 : 5
T1035 : 4
T1047 : 4
T1085 : 3
T1140 : 2
T1093 : 2
T1015 : 2
T1168 : 2
T1170 : 2
T1193 : 2
software_id: []
enabled: True
-
group_name: Red Canary Threat Detection Report 2020
campaign: Education
technique_id:
T1053 : 35
T1077 : 33
T1055 : 16
T1064 : 13
T1089 : 13
T1035 : 5
T1047 : 3
T1086 : 3
T1036 : 3
T1038 : 2
software_id: []
enabled: False
-
group_name: Red Canary Threat Detection Report 2020
campaign: Energy
technique_id:
T1086 : 42
T1064 : 15
T1003 : 15
T1089 : 8
T1140 : 8
T1193 : 6
T1059 : 5
T1004 : 5
T1015 : 5
T1105 : 5
software_id: []
enabled: False
-
group_name: Red Canary Threat Detection Report 2020
campaign: Finance
technique_id:
T1086 : 28
T1077 : 20
T1003 : 50
T1064 : 13
T1055 : 10
T1047 : 9
T1193 : 8
T1035 : 7
T1105 : 7
T1170 : 7
software_id: []
enabled: False
-
group_name: Red Canary Threat Detection Report 2020
campaign: Healthcare
technique_id:
T1055 : 54
T1053 : 45
T1077 : 25
T1089 : 22
T1482 : 22
T1105 : 20
T1086 : 15
T1003 : 4
T1047 : 4
T1064 : 3
software_id: []
enabled: False
-
group_name: Red Canary Threat Detection Report 2020
campaign: Transportation
technique_id:
T1053 : 49
T1055 : 43
T1086 : 35
T1064 : 30
T1170 : 21
T1003 : 6
T1035 : 6
T1047 : 4
T1140 : 2
T1193 : 2
software_id: []
enabled: False
-
group_name: Red Canary Threat Detection Report 2020
campaign: Manufacturing
technique_id:
T1055 : 23
T1053 : 21
T1077 : 19
T1086 : 15
T1135 : 12
T1089 : 9
T1105 : 9
T1064 : 7
T1003 : 8
T1036 : 8
software_id: []
enabled: False
-
group_name: Red Canary Threat Detection Report 2020
campaign: Retail
technique_id:
T1086 : 44
T1055 : 23
T1003 : 16
T1053 : 13
T1193 : 10
T1064 : 9
T1070 : 8
T1047 : 7
T1090 : 7
T1088 : 5
software_id: []
enabled: False
-
group_name: Red Canary Threat Detection Report 2020
campaign: Services
technique_id:
T1086 : 23
T1003 : 19
T1064 : 14
T1036 : 12
T1055 : 8
T1105 : 7
T1047 : 7
T1193 : 7
T1060 : 6
T1035 : 6
software_id: []
enabled: False
-
group_name: Red Canary Threat Detection Report 2020
campaign: Technology
technique_id:
T1055 : 28
T1086 : 19
T1105 : 18
T1077 : 18
T1036 : 17
T1038 : 15
T1053 : 14
T1035 : 10
T1003 : 9
T1482 : 8
software_id: []
enabled: False
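Review bot: In the Finance group `T1003 : 50` sits third, between `T1077 : 20` and `T1064 : 13`, while the other groups (apart from Manufacturing) list their weights in descending order; this looks like a possible transcription slip and should be checked against the report. The same value becomes `"maxValue": 50` in the generated Finance layer further down the page, so a mistyped weight would rescale that heat map and change which techniques appear most prevalent. Manufacturing has a smaller ordering break, with `T1064 : 7` ahead of `T1003 : 8` and `T1036 : 8`. The correct figures cannot be confirmed from this page; if they are right as entered, reordering the lines would make that clear to the next reader.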


@ -0,0 +1,26 @@
%YAML 1.2
---
# Source: https://go.recordedfuture.com/hubfs/reports/cta-2020-0331.pdf
version: 1.0
file_type: group-administration
platform:
- Windows
- Linux
- macOS
groups:
- group_name: Recorded Future TTP Annual Report 2019
campaign: Top 10
# confirmed malicious sandbox submissions
technique_id:
T1063 : 22961
T1027 : 21992
T1055 : 19703
T1082 : 18842
T1057 : 17526
T1045 : 16341
T1073 : 16236
T1022 : 14005
T1106 : 13805
T1032 : 13603
software_id: []
enabled: True
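Review bot: The weights in this `technique_id` map are raw counts in the tens of thousands (`T1063 : 22961`), whereas the CrowdStrike and Red Canary files added in the same commit use two-digit values, so the three sources are not on a comparable scale. The generated layers on this page set the gradient `maxValue` to the highest score in the layer; if that also holds when groups are combined or overlaid, this group would dominate the colouring and flatten the others. I would extend the existing comment to say so, for example `# raw counts, not normalised; rescale before combining with other group files`.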


@ -0,0 +1,150 @@
{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): CrowdStrike Global Threat Report 2020 | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]},
"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1193", "score": 10, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1143", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1082", "score": 48, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1045", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1136", "score": 28, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1083", "score": 42, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1053", "score": 17, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1146", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1001", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1098", "score": 14, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1215", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1494", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1048", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1022", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1169", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1076", "score": 48, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1486", "score": 32, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1490", "score": 16, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1077", "score": 22, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1500", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1035", "score": 17, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1219", "score": 11, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1496", "score": 10, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1114", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1091", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1117", "score": 10, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1222", "score": 11, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1032", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1529", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1482", "score": 14, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1063", "score": 8, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1055", "score": 14, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1040", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1135", "score": 26, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1201", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1176", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1192", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1028", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1037", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1089", "score": 40, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1070", "score": 27, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1065", "score": 19, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1208", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1007", "score": 12, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1090", "score": 10, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1120", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1518", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1105", "score": 53, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1199", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1087", "score": 50, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1026", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1041", "score": 11, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1027", "score": 34, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1212", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1118", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1086", "score": 52, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1214", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1043", "score": 37, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1140", "score": 12, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1031", "score": 12, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1068", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1103", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1072", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1197", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1020", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1071", "score": 13, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1166", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1113", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1066", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1147", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1165", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1190", "score": 26, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1127", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1115", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1093", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1039", "score": 8, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1133", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1079", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1196", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1119", "score": 9, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1033", "score": 51, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1038", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1204", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1059", "score": 70, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1116", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1014", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1050", "score": 16, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1069", "score": 21, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1124", "score": 11, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1191", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1078", "score": 65, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1036", "score": 31, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1085", "score": 31, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1111", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1112", "score": 31, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1159", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1100", "score": 33, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1024", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1132", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1102", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1060", "score": 12, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1012", "score": 13, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1058", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1073", "score": 10, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1021", "score": 12, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1145", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1064", "score": 56, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1220", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1074", "score": 14, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1203", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1108", "score": 9, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1200", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1107", "score": 22, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1049", "score": 46, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1018", "score": 45, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1005", "score": 21, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1170", "score": 9, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1213", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1095", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1088", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1183", "score": 9, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1099", "score": 7, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1047", "score": 39, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1489", "score": 11, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1168", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1134", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1106", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1046", "score": 26, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1139", "score": 8, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1158", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1094", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1126", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1057", "score": 43, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1056", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1016", "score": 54, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1003", "score": 52, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1110", "score": 21, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1002", "score": 15, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1015", "score": 11, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1084", "score": 6, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1061", "score": 23, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1081", "score": 15, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]},
{"techniqueID": "T1148", "score": 5, "metadata": [{"name": "-Groups", "value": "CrowdStrike Global Threat Report 2020"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 70},
"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"},
{"label": "Tech. used frequently", "color": "#ff0000"},
{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"},
{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"},
{"label": "Src. of tech. is only software", "color": "#0d47a1 "},
{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]}


@ -0,0 +1,27 @@
{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Education) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]},
"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1047", "score": 3, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Education"}]},
{"techniqueID": "T1038", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Education"}]},
{"techniqueID": "T1089", "score": 13, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Education"}]},
{"techniqueID": "T1035", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Education"}]},
{"techniqueID": "T1086", "score": 3, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Education"}]},
{"techniqueID": "T1055", "score": 16, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Education"}]},
{"techniqueID": "T1064", "score": 13, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Education"}]},
{"techniqueID": "T1077", "score": 33, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Education"}]},
{"techniqueID": "T1036", "score": 3, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Education"}]},
{"techniqueID": "T1053", "score": 35, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Education"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 35},
"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"},
{"label": "Tech. used frequently", "color": "#ff0000"},
{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"},
{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"},
{"label": "Src. of tech. is only software", "color": "#0d47a1 "},
{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]}


@ -0,0 +1,27 @@
{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Energy) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]},
"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1004", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Energy"}]},
{"techniqueID": "T1193", "score": 6, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Energy"}]},
{"techniqueID": "T1003", "score": 15, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Energy"}]},
{"techniqueID": "T1064", "score": 15, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Energy"}]},
{"techniqueID": "T1015", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Energy"}]},
{"techniqueID": "T1059", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Energy"}]},
{"techniqueID": "T1105", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Energy"}]},
{"techniqueID": "T1086", "score": 42, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Energy"}]},
{"techniqueID": "T1140", "score": 8, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Energy"}]},
{"techniqueID": "T1089", "score": 8, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Energy"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 42},
"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"},
{"label": "Tech. used frequently", "color": "#ff0000"},
{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"},
{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"},
{"label": "Src. of tech. is only software", "color": "#0d47a1 "},
{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]}


@ -0,0 +1,27 @@
{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Finance) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]},
"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1047", "score": 9, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Finance"}]},
{"techniqueID": "T1193", "score": 8, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Finance"}]},
{"techniqueID": "T1035", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Finance"}]},
{"techniqueID": "T1105", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Finance"}]},
{"techniqueID": "T1170", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Finance"}]},
{"techniqueID": "T1086", "score": 28, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Finance"}]},
{"techniqueID": "T1077", "score": 20, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Finance"}]},
{"techniqueID": "T1064", "score": 13, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Finance"}]},
{"techniqueID": "T1003", "score": 50, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Finance"}]},
{"techniqueID": "T1055", "score": 10, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Finance"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 50},
"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"},
{"label": "Tech. used frequently", "color": "#ff0000"},
{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"},
{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"},
{"label": "Src. of tech. is only software", "color": "#0d47a1 "},
{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]}


@ -0,0 +1,27 @@
{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Healthcare) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]},
"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1047", "score": 4, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Healthcare"}]},
{"techniqueID": "T1003", "score": 4, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Healthcare"}]},
{"techniqueID": "T1077", "score": 25, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Healthcare"}]},
{"techniqueID": "T1053", "score": 45, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Healthcare"}]},
{"techniqueID": "T1482", "score": 22, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Healthcare"}]},
{"techniqueID": "T1055", "score": 54, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Healthcare"}]},
{"techniqueID": "T1105", "score": 20, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Healthcare"}]},
{"techniqueID": "T1086", "score": 15, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Healthcare"}]},
{"techniqueID": "T1064", "score": 3, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Healthcare"}]},
{"techniqueID": "T1089", "score": 22, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Healthcare"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 54},
"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"},
{"label": "Tech. used frequently", "color": "#ff0000"},
{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"},
{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"},
{"label": "Src. of tech. is only software", "color": "#0d47a1 "},
{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]}
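Review bot: The last two `legendItems` colours in this layer carry a trailing space inside the string, `"color": "#0d47a1 "` and `"color": "#64b5f6 "`, which is not a well-formed hex colour and may be rejected or rendered differently by a consumer that validates the value. They should read `"color": "#0d47a1"` and `"color": "#64b5f6"`. The same two values appear in every other layer visible in this commit (Manufacturing, Overall, Retail, Services, Technology, Transportation, Recorded Future Top 10, and the Finance layer that ends just above). The files therefore look generated, and the fix probably belongs in the generator rather than in each file.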


@ -0,0 +1,27 @@
{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Manufacturing) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]},
"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1086", "score": 15, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Manufacturing"}]},
{"techniqueID": "T1003", "score": 8, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Manufacturing"}]},
{"techniqueID": "T1036", "score": 8, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Manufacturing"}]},
{"techniqueID": "T1077", "score": 19, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Manufacturing"}]},
{"techniqueID": "T1135", "score": 12, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Manufacturing"}]},
{"techniqueID": "T1053", "score": 21, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Manufacturing"}]},
{"techniqueID": "T1064", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Manufacturing"}]},
{"techniqueID": "T1055", "score": 23, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Manufacturing"}]},
{"techniqueID": "T1089", "score": 9, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Manufacturing"}]},
{"techniqueID": "T1105", "score": 9, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Manufacturing"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 23},
"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"},
{"label": "Tech. used frequently", "color": "#ff0000"},
{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"},
{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"},
{"label": "Src. of tech. is only software", "color": "#0d47a1 "},
{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]}


@ -0,0 +1,47 @@
{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Overall) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]},
"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1003", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1193", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1482", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1140", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1055", "score": 17, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1168", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1053", "score": 13, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1170", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1047", "score": 4, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1077", "score": 13, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1086", "score": 12, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1015", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1105", "score": 9, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1036", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1085", "score": 3, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1038", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1035", "score": 4, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1093", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1064", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]},
{"techniqueID": "T1089", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Overall"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 17},
"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"},
{"label": "Tech. used frequently", "color": "#ff0000"},
{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"},
{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"},
{"label": "Src. of tech. is only software", "color": "#0d47a1 "},
{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]}
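Review bot: `"maxValue": 17` in this layer's `gradient` is the layer's own highest score, and each industry layer does the same (54 for Healthcare, 49 for Transportation, 23 for Manufacturing), so the same shade of red stands for different scores depending on which file is open. An analyst comparing an industry layer with this Overall layer to set detection priorities would see T1055 at full red in both, although its score is 17 here and 54 in Healthcare. If the layers are meant to be read side by side, a shared scale across the Red Canary layers, such as `"minValue": 0, "maxValue": 100`, would keep the colours comparable. That value assumes the scores are percentages, which the files do not state.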


@ -0,0 +1,27 @@
{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Retail) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]},
"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1064", "score": 9, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Retail"}]},
{"techniqueID": "T1055", "score": 23, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Retail"}]},
{"techniqueID": "T1090", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Retail"}]},
{"techniqueID": "T1053", "score": 13, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Retail"}]},
{"techniqueID": "T1047", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Retail"}]},
{"techniqueID": "T1088", "score": 5, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Retail"}]},
{"techniqueID": "T1086", "score": 44, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Retail"}]},
{"techniqueID": "T1070", "score": 8, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Retail"}]},
{"techniqueID": "T1193", "score": 10, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Retail"}]},
{"techniqueID": "T1003", "score": 16, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Retail"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 44},
"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"},
{"label": "Tech. used frequently", "color": "#ff0000"},
{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"},
{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"},
{"label": "Src. of tech. is only software", "color": "#0d47a1 "},
{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]}


@ -0,0 +1,27 @@
{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Services) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]},
"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1047", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Services"}]},
{"techniqueID": "T1055", "score": 8, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Services"}]},
{"techniqueID": "T1105", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Services"}]},
{"techniqueID": "T1064", "score": 14, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Services"}]},
{"techniqueID": "T1003", "score": 19, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Services"}]},
{"techniqueID": "T1036", "score": 12, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Services"}]},
{"techniqueID": "T1035", "score": 6, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Services"}]},
{"techniqueID": "T1086", "score": 23, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Services"}]},
{"techniqueID": "T1060", "score": 6, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Services"}]},
{"techniqueID": "T1193", "score": 7, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Services"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 23},
"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"},
{"label": "Tech. used frequently", "color": "#ff0000"},
{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"},
{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"},
{"label": "Src. of tech. is only software", "color": "#0d47a1 "},
{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]}


@ -0,0 +1,27 @@
{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Technology) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]},
"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1105", "score": 18, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Technology"}]},
{"techniqueID": "T1086", "score": 19, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Technology"}]},
{"techniqueID": "T1053", "score": 14, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Technology"}]},
{"techniqueID": "T1036", "score": 17, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Technology"}]},
{"techniqueID": "T1003", "score": 9, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Technology"}]},
{"techniqueID": "T1077", "score": 18, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Technology"}]},
{"techniqueID": "T1035", "score": 10, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Technology"}]},
{"techniqueID": "T1482", "score": 8, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Technology"}]},
{"techniqueID": "T1055", "score": 28, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Technology"}]},
{"techniqueID": "T1038", "score": 15, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Technology"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 28},
"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"},
{"label": "Tech. used frequently", "color": "#ff0000"},
{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"},
{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"},
{"label": "Src. of tech. is only software", "color": "#0d47a1 "},
{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]}


@ -0,0 +1,27 @@
{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Red Canary Threat Detection Report 2020 (Transportation) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]},
"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1035", "score": 6, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Transportation"}]},
{"techniqueID": "T1003", "score": 6, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Transportation"}]},
{"techniqueID": "T1053", "score": 49, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Transportation"}]},
{"techniqueID": "T1047", "score": 4, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Transportation"}]},
{"techniqueID": "T1055", "score": 43, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Transportation"}]},
{"techniqueID": "T1140", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Transportation"}]},
{"techniqueID": "T1170", "score": 21, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Transportation"}]},
{"techniqueID": "T1086", "score": 35, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Transportation"}]},
{"techniqueID": "T1193", "score": 2, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Transportation"}]},
{"techniqueID": "T1064", "score": 30, "metadata": [{"name": "-Groups", "value": "Red Canary Threat Detection Report 2020"},
{"name": "-Campaign", "value": "Transportation"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 49},
"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"},
{"label": "Tech. used frequently", "color": "#ff0000"},
{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"},
{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"},
{"label": "Src. of tech. is only software", "color": "#0d47a1 "},
{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]}


@ -0,0 +1,27 @@
{"name": "Attack - Windows, Linux, macOS", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): Windows, Linux, macOS | group(s): Recorded Future TTP Annual Report 2019 (Top 10) | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS"]},
"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1073", "score": 16236, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
{"name": "-Campaign", "value": "Top 10"}]},
{"techniqueID": "T1032", "score": 13603, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
{"name": "-Campaign", "value": "Top 10"}]},
{"techniqueID": "T1055", "score": 19703, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
{"name": "-Campaign", "value": "Top 10"}]},
{"techniqueID": "T1063", "score": 22961, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
{"name": "-Campaign", "value": "Top 10"}]},
{"techniqueID": "T1022", "score": 14005, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
{"name": "-Campaign", "value": "Top 10"}]},
{"techniqueID": "T1106", "score": 13805, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
{"name": "-Campaign", "value": "Top 10"}]},
{"techniqueID": "T1045", "score": 16341, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
{"name": "-Campaign", "value": "Top 10"}]},
{"techniqueID": "T1027", "score": 21992, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
{"name": "-Campaign", "value": "Top 10"}]},
{"techniqueID": "T1082", "score": 18842, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
{"name": "-Campaign", "value": "Top 10"}]},
{"techniqueID": "T1057", "score": 17526, "metadata": [{"name": "-Groups", "value": "Recorded Future TTP Annual Report 2019"},
{"name": "-Campaign", "value": "Top 10"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 22961},
"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"},
{"label": "Tech. used frequently", "color": "#ff0000"},
{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"},
{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"},
{"label": "Src. of tech. is only software", "color": "#0d47a1 "},
{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]}
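Review bot: The scores in this layer (13603 to 22961) are on a different scale from the one- and two-digit scores in the Red Canary layers of the same commit, and neither the `description` nor the `metadata` entries say what the number measures. Someone overlaying or merging these layers to rank techniques cannot tell from the file whether 22961 is a sighting count, a sample count or something else, and the raw magnitudes would dominate any combined view. I would record the unit in the layer itself, for example by ending the `description` string with `| score: <unit as defined in the source report>`.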