infosecn1nja
/
DeTTECT
mirror of https://github.com/infosecn1nja/DeTTECT.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into development

master
Ruben Bouman 2020-03-18 13:31:16 +01:00
parent 72fe53d342 2db99b1fb7
commit 74aac77445
2 changed files with 202 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
threat-actor-data/20200220-FireEye.yaml Normal file
View File

@ -0,0 +1,104 @@
%YAML 1.2
---
# Source: https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
version: 1.0
file_type: group-administration
platform:
- all
groups:
- group_name: FireEye M-Trends 2020
campaign:
technique_id:
T1040 : 1 # 0.44%
T1201 : 1 # 0.44%
T1007 : 1 # 0.44%
T1124 : 1 # 0.44%
T1480 : 1 # 0.44%
T1158 : 1 # 0.44%
T1093 : 1 # 0.44%
T1031 : 1 # 0.44%
T1023 : 1 # 0.44%
T1081 : 1 # 0.44%
T1214 : 1 # 0.44%
T1111 : 1 # 0.44%
T1491 : 1 # 0.44%
T1173 : 1 # 0.44%
T1106 : 1 # 0.44%
T1170 : 1 # 0.44%
T1179 : 1 # 0.44%
T1049 : 1 # 0,88%
T1497 : 1 # 0,88%
T1036 : 1 # 0,88%
T1117 : 1 # 0,88%
T1096 : 1 # 0,88%
T1482 : 1 # 1,32%
T1135 : 1 # 1,32%
T1140 : 1 # 1,32%
T1168 : 1 # 1,32%
T1077 : 1 # 1,32%
T1490 : 1 # 1,32%
T1492 : 1 # 1,32%
T1014 : 2 # 1,76%
T1094 : 2 # 1,76%
T1047 : 2 # 1,76%
T1138 : 2 # 1,76%
T1055 : 2 # 2,20%
T1058 : 2 # 2,20%
T1188 : 2 # 2,20%
T1219 : 2 # 2,20%
T1021 : 2 # 2,20%
T1496 : 2 # 2,20%
T1083 : 3 # 3,08%
T1046 : 3 # 3,08%
T1057 : 3 # 3,08%
T1016 : 3 # 3,08%
T1054 : 3 # 3,08%
T1004 : 3 # 3,08%
T1015 : 3 # 3,08%
T1087 : 4 # 3,52%
T1069 : 4 # 3,52%
T1034 : 4 # 3,52%
T1012 : 4 # 3,96%
T1038 : 4 # 3,96%
T1073 : 4 # 3,96%
T1099 : 4 # 3,96%
T1102 : 4 # 3,96%
T1022 : 4 # 4,00%
T1192 : 4 # 4,41%
T1136 : 5 # 4,85%
T1486 : 5 # 4,85%
T1033 : 5 # 5,29%
T1116 : 5 # 5,29%
T1090 : 5 # 5,29%
T1070 : 5 # 5,29%
T1060 : 5 # 5,29%
T1110 : 5 # 5,29%
T1193 : 5 # 5,29%
T1082 : 6 # 5,73%
T1089 : 6 # 5,73%
T1112 : 7 # 6,61%
T1063 : 7 # 7,49%
T1199 : 7 # 7,49%
T1059 : 8 # 7,93%
T1489 : 8 # 8,37%
T1045 : 9 # 9,25%
T1003 : 9 # 9,25%
T1071 : 10 # 10,13%
T1098 : 10 # 10,13%
T1107 : 11 # 10,57%
T1105 : 11 # 10,57%
T1053 : 11 # 10,57%
T1078 : 11 # 10,57%
T1202 : 13 # 12,78%
T1002 : 13 # 13,00%
T1032 : 14 # 14,10%
T1100 : 16 # 15,86%
T1190 : 17 # 16,74%
T1076 : 19 # 18,94%
T1133 : 28 # 28,19%
T1035 : 28 # 28,19%
T1086 : 29 # 28,63%
T1064 : 30 # 30,40%
T1027 : 31 # 31,28%
software_id: []
enabled: True

98
threat-actor-data/ATT&CK-Navigator-layers/20200220-FireEye/attack_all_fireeye-m-trends-2020.json Normal file
View File

@ -0,0 +1,98 @@
{"name": "Attack - all", "version": "2.2", "domain": "mitre-enterprise", "description": "stage: attack | platform(s): all | group(s): FireEye M-Trends 2020 | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["Windows", "Linux", "macOS", "AWS", "GCP", "Azure", "Azure AD", "Office 365", "SaaS"]},
"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1491", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1124", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1093", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1214", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1135", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1199", "score": 7, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1136", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1063", "score": 7, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1193", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1489", "score": 8, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1014", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1168", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1094", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1055", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1106", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1059", "score": 8, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1049", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1480", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1032", "score": 14, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1007", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1100", "score": 16, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1099", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1058", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1057", "score": 3, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1202", "score": 13, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1023", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1086", "score": 29, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1054", "score": 3, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1112", "score": 7, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1083", "score": 3, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1047", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1078", "score": 11, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1002", "score": 13, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1076", "score": 19, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1015", "score": 3, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1090", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1089", "score": 6, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1022", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1116", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1496", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1071", "score": 10, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1170", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1111", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1004", "score": 3, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1081", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1192", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1133", "score": 28, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1035", "score": 28, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1482", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1077", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1117", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1138", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1040", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1021", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1045", "score": 9, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1046", "score": 3, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1053", "score": 11, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1158", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1027", "score": 31, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1492", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1173", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1201", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1069", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1003", "score": 9, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1490", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1073", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1033", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1087", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1036", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1110", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1016", "score": 3, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1096", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1070", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1190", "score": 17, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1497", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1107", "score": 11, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1140", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1486", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1060", "score": 5, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1105", "score": 11, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1038", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1012", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1082", "score": 6, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1098", "score": 10, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1102", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1034", "score": 4, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1064", "score": 30, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1031", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1179", "score": 1, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1188", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]},
{"techniqueID": "T1219", "score": 2, "metadata": [{"name": "-Groups", "value": "FireEye M-Trends 2020"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 31},
"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"},
{"label": "Tech. used frequently", "color": "#ff0000"},
{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"},
{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"},
{"label": "Src. of tech. is only software", "color": "#0d47a1 "},
{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]}