Added "Rapid7 Quarterly Threat Report Q1 2019"

master
Marcus Bakker 2019-07-02 08:54:28 +02:00
parent 95e9a4b068
commit 787ca07afb
2 changed files with 65 additions and 0 deletions


@ -0,0 +1,35 @@
%YAML 1.2
---
version: 1.0
file_type: group-administration
groups:
-
group_name: Rapid7 Quarterly Threat Report Q1 2019
campaign:
technique_id:
T1195: 2
T1059: 2
T1106: 2
T1035: 2
T1204: 2
T1189: 3
T1407: 9 # mobile technique
T1018: 10
T1219: 16
T1496: 20
T1105: 40
T1071: 45
T1165: 50
T1060: 50
T1021: 60
T1486: 77
T1082: 90
T1027: 91
T1064: 96
T1133: 97
T1114: 99
T1472: 99 # mobile technique
T1411: 99
software_id: []
enabled: True
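Review bot: `T1411` on the last technique line is, as far as I can tell, an ATT&CK Mobile ID like `T1407` and `T1472`, but it is the only one of the three without the marker; I would write it as `T1411: 99 # mobile technique` so the three read consistently. The layer file added in the same commit declares `"domain": "mitre-enterprise"` with a Windows platform filter yet carries all three IDs, two of them at the top score of 99, so they will probably not render in that matrix. Either drop them from this group or keep them in a separate mobile group. A short comment above `technique_id:` saying what the numbers represent (they look like frequency or rank values taken from the report) would also help whoever reads the heat map for detection prioritisation.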


@ -0,0 +1,30 @@
{"name": "Attack Windows", "version": "2.1", "domain": "mitre-enterprise", "description": "stage: attack | platform: Windows | group(s): Rapid7 Quarterly Threat Report Q1 2019 | overlay group(s): ", "filters": {"stages": ["act"], "platforms": ["windows"]},
"sorting": 3, "viewMode": 0, "hideDisable": false, "techniques": [{"techniqueID": "T1018", "score": 10, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1219", "score": 16, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1195", "score": 2, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1064", "score": 96, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1071", "score": 45, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1189", "score": 3, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1204", "score": 2, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1486", "score": 77, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1496", "score": 20, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1060", "score": 50, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1165", "score": 50, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1407", "score": 9, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1114", "score": 99, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1021", "score": 60, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1027", "score": 91, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1106", "score": 2, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1059", "score": 2, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1082", "score": 90, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1411", "score": 99, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1133", "score": 97, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1472", "score": 99, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1035", "score": 2, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]},
{"techniqueID": "T1105", "score": 40, "metadata": [{"name": "-Groups", "value": "Rapid7 Quarterly Threat Report Q1 2019"}]}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "gradient": {"colors": ["#ffcece", "#ff0000"], "minValue": 0, "maxValue": 99},
"legendItems": [{"label": "Tech. not often used", "color": "#ffcece"},
{"label": "Tech. used frequently", "color": "#ff0000"},
{"label": "Groups overlay: tech. in group + overlay", "color": "#f9a825"},
{"label": "Groups overlay: tech. in overlay", "color": "#ffee58"},
{"label": "Src. of tech. is only software", "color": "#0d47a1 "},
{"label": "Src. of tech. is group(s)/overlay + software", "color": "#64b5f6 "}]}