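%YAML 1.2
---
# Publication: ATT&CK Techniques and Trends in Windows Malware
# Authors: Kris Oosthoek and Christian Doerr
# Source: https://krisk.io/post/sok-attack-securecomm19.pdf
#
# Purpose: a single group entry whose technique_id mapping assigns a count
# to each ATT&CK technique ID taken from the publication above.
# NOTE(review): the counts are presumably how often the publication observed
# each technique in its Windows malware data set; confirm the unit against
# the paper before using the numbers as weights.
# NOTE(review): the file_type value matches a DeTT&CT group administration
# file; confirm the consuming tool and its schema version.
# NOTE(review): the nesting below was restored from a copy that had lost its
# line breaks; confirm that software_id and enabled belong to the group
# entry and that platform is a top-level key.

# Left unquoted as in the original (parses as a float); check whether the
# consumer compares it as a number before turning it into a string.
version: 1.0
file_type: group-administration
platform: Windows
groups:
  - group_name: ATT&CK Techniques and Trends in Windows Malware
    # No campaign name is recorded for this entry.
    campaign: null
    # Technique ID -> count, listed in descending order of count.
    # Several of these IDs (for example T1063, T1045, T1060, T1086) come
    # from ATT&CK releases that predate sub-techniques and have since been
    # deprecated or remapped; translate them before comparing this data
    # with a current matrix or with detection coverage.
    technique_id:
      T1012: 950
      T1063: 748
      T1057: 684
      T1082: 669
      T1083: 658
      T1027: 604
      T1055: 597
      T1022: 576
      T1106: 562
      T1045: 558
      T1124: 506
      T1105: 423
      T1140: 378
      T1071: 338
      T1060: 287
      T1050: 273
      T1010: 216
      T1033: 210
      T1134: 197
      T1085: 175
      T1036: 165
      T1059: 161
      T1107: 135
      T1043: 129
      T1035: 115
      T1073: 106
      T1032: 104
      T1089: 98
      T1016: 97
      T1115: 94
      T1056: 94
      T1047: 82
      T1064: 71
      T1065: 67
      T1003: 56
      T1031: 53
      T1112: 50
      T1113: 48
      T1102: 47
      T1179: 41
      T1120: 35
      T1068: 33
      T1091: 30
      T1053: 29
      T1067: 26
      T1018: 21
      T1114: 20
      T1007: 19
      T1158: 16
      T1049: 15
      T1005: 14
      T1081: 12
      T1087: 12
      T1135: 12
      T1176: 10
      T1188: 10
      T1044: 8
      T1014: 8
      T1070: 8
      T1074: 8
      T1076: 8
      T1096: 7
      # The ten entries below carry the original note "value < 7": the
      # stored 1 appears to be a placeholder for a count the source gives
      # only as below 7, so do not read it as a measured value.
      T1088: 1  # value < 7
      T1136: 1  # value < 7
      T1214: 1  # value < 7
      T1048: 1  # value < 7
      T1203: 1  # value < 7
      T1183: 1  # value < 7
      T1130: 1  # value < 7
      T1040: 1  # value < 7
      T1086: 1  # value < 7
      T1192: 1  # value < 7
    # No software IDs are associated with this entry.
    software_id: []
    # Canonical lowercase boolean; same value as the original "True".
    enabled: true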