Added group yaml and layer file for the "ATT&CK Techniques and Trends in Windows Malware" publication by Kris Oosthoek and Christian Doerr.

threat-actor-data/20190902-ATTACK-Techniques-and-trends-in-windows-malware.yaml

@@ -0,0 +1,85 @@
+%YAML 1.2
+---
+version: 1.0
+file_type: group-administration
+groups:
+  - group_name: ATT&CK Techniques and Trends in Windows Malware
+    # Publication: ATT&CK Techniques and Trends in Windows Malware
+    # Authors:     Kris Oosthoek and Christian Doerr
+    # Source:      https://krisk.io/post/sok-attack-securecomm19.pdf
+    campaign:
+    technique_id:
+      T1012: 950
+      T1063: 748
+      T1057: 684
+      T1082: 669
+      T1083: 658
+      T1027: 604
+      T1055: 597
+      T1022: 576
+      T1106: 562
+      T1045: 558
+      T1124: 506
+      T1105: 423
+      T1140: 378
+      T1071: 338
+      T1060: 287
+      T1050: 273
+      T1010: 216
+      T1033: 210
+      T1134: 197
+      T1085: 175
+      T1036: 165
+      T1059: 161
+      T1107: 135
+      T1043: 129
+      T1035: 115
+      T1073: 106
+      T1032: 104
+      T1089: 98
+      T1016: 97
+      T1115: 94
+      T1056: 94
+      T1047: 82
+      T1064: 71
+      T1065: 67
+      T1003: 56
+      T1031: 53
+      T1112: 50
+      T1113: 48
+      T1102: 47
+      T1179: 41
+      T1120: 35
+      T1068: 33
+      T1091: 30
+      T1053: 29
+      T1067: 26
+      T1018: 21
+      T1114: 20
+      T1007: 19
+      T1158: 16
+      T1049: 15
+      T1005: 14
+      T1081: 12
+      T1087: 12
+      T1135: 12
+      T1176: 10
+      T1188: 10
+      T1044: 8
+      T1014: 8
+      T1070: 8
+      T1074: 8
+      T1076: 8
+      T1096: 7
+      T1088: 1 # value < 7
+      T1136: 1 # value < 7
+      T1214: 1 # value < 7
+      T1048: 1 # value < 7
+      T1203: 1 # value < 7
+      T1183: 1 # value < 7
+      T1130: 1 # value < 7
+      T1040: 1 # value < 7
+      T1086: 1 # value < 7
+      T1192: 1 # value < 7
+    software_id: []
+    enabled: True