version: 1.2
|
|
file_type: technique-administration
|
|
name: example
|
|
platform:
|
|
- Windows
|
|
- Azure
|
|
- Azure AD
|
|
- Office 365
|
|
# - Note that detection and visibility are independent of each other.
|
|
# This means that detection can be left blank while only visibility is filled in.
|
|
# - Also note that the content below serves purely as an example and is therefore not accurate in all areas.
|
|
#
|
|
# - If desired, you are free to add any key-value pairs. This will not impact the functionality of the tool.
|
|
techniques:
|
|
- technique_id: T1222
|
|
technique_name: File and Directory Permissions Modification
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1218.001
|
|
technique_name: Compiled HTML File
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1221
|
|
technique_name: Template Injection
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: false
|
|
- technique_id: T1220
|
|
technique_name: XSL Script Processing
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1217
|
|
technique_name: Browser Bookmark Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1218.002
|
|
technique_name: Control Panel
|
|
detection:
|
|
- applicable_to:
|
|
- client endpoints
|
|
location:
|
|
- EDR
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-12-01T00:00:00.000Z
|
|
score: 4
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1552.002
|
|
technique_name: Credentials in Registry
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- EDR
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-12-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1189
|
|
technique_name: Drive-by Compromise
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- SIEM UC 123
|
|
- Tool Model Y
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-08-05T00:00:00.000Z
|
|
score: 3
|
|
comment: This detection was improved due to the availability of the new log source Process use of network
|
|
- date: 2018-11-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1203
|
|
technique_name: Exploitation for Client Execution
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1210
|
|
technique_name: Exploitation of Remote Services
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1211
|
|
technique_name: Exploitation for Defense Evasion
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1202
|
|
technique_name: Indirect Command Execution
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1212
|
|
technique_name: Exploitation for Credential Access
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1201
|
|
technique_name: Password Policy Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- domain controllers
|
|
location:
|
|
- Third party product A
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2017-01-01T00:00:00.000Z
|
|
score: 4
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1218.003
|
|
technique_name: CMSTP
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1219
|
|
technique_name: Remote Access Software
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Third party product A
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2017-01-01T00:00:00.000Z
|
|
score: 4
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 3
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1553.003
|
|
technique_name: SIP and Trust Provider Hijacking
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1218
|
|
technique_name: Signed Binary Proxy Execution
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1566.001
|
|
technique_name: Spearphishing Attachment
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1216
|
|
technique_name: Signed Script Proxy Execution
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1566.002
|
|
technique_name: Spearphishing Link
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1547.003
|
|
technique_name: Time Providers
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1195.001
|
|
technique_name: Compromise Software Dependencies and Development Tools
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Third party product A
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2017-01-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1566.003
|
|
technique_name: Spearphishing via Service
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 4
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1204
|
|
technique_name: User Execution
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- EDR
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-12-01T00:00:00.000Z
|
|
score: 0
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1546.009
|
|
technique_name: AppCert DLLs
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- EDR
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-12-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1176
|
|
technique_name: Browser Extensions
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1021.003
|
|
technique_name: Distributed Component Object Model
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1185
|
|
technique_name: Man in the Browser
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1556.002
|
|
technique_name: Password Filter DLL
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1218.005
|
|
technique_name: Mshta
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1557.001
|
|
technique_name: LLMNR/NBT-NS Poisoning and SMB Relay
|
|
detection:
|
|
- applicable_to:
|
|
- client endpoints
|
|
location:
|
|
- Third party product A
|
|
comment: |
|
|
This comment will be
|
|
multiline in
|
|
Excel
|
|
score_logbook:
|
|
- date: 2017-01-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
- applicable_to:
|
|
- servers
|
|
location:
|
|
- Model I
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-05-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- client endpoints
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: false
|
|
- applicable_to:
|
|
- servers
|
|
comment: |
|
|
This comment will be
|
|
multiline in
|
|
Excel
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
auto_generated: false
|
|
- technique_id: T1559.002
|
|
technique_name: Dynamic Data Exchange
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1056.004
|
|
technique_name: Credential API Hooking
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1055.013
|
|
technique_name: Process Doppelgänging
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1090.004
|
|
technique_name: Domain Fronting
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Model A
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-08-01T00:00:00.000Z
|
|
score: 5
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 4
|
|
comment: ''
|
|
auto_generated: false
|
|
- technique_id: T1546.012
|
|
technique_name: Image File Execution Options Injection
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Tool
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-11-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: false
|
|
- technique_id: T1547.008
|
|
technique_name: LSASS Driver
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1546.002
|
|
technique_name: Screensaver
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1134
|
|
technique_name: Access Token Manipulation
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- EDR
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-12-01T00:00:00.000Z
|
|
score: 4
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1546.011
|
|
technique_name: Application Shimming
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- SIEM
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-12-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1140
|
|
technique_name: Deobfuscate/Decode Files or Information
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1136
|
|
technique_name: Create Account
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1137
|
|
technique_name: Office Application Startup
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1564.001
|
|
technique_name: Hidden Files and Directories
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1135
|
|
technique_name: Network Share Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1132
|
|
technique_name: Data Encoding
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1547.002
|
|
technique_name: Authentication Package
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1129
|
|
technique_name: Shared Modules
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1546.007
|
|
technique_name: Netsh Helper DLL
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1127
|
|
technique_name: Trusted Developer Utilities Proxy Execution
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: false
|
|
- technique_id: T1070.005
|
|
technique_name: Network Share Connection Removal
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1125
|
|
technique_name: Video Capture
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1124
|
|
technique_name: System Time Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1123
|
|
technique_name: Audio Capture
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1546.015
|
|
technique_name: Component Object Model Hijacking
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1218.009
|
|
technique_name: Regsvcs/Regasm
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1218.004
|
|
technique_name: InstallUtil
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1218.010
|
|
technique_name: Regsvr32
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- EDR
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-12-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1114
|
|
technique_name: Email Collection
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1113
|
|
technique_name: Screen Capture
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1112
|
|
technique_name: Modify Registry
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1111
|
|
technique_name: Two-Factor Authentication Interception
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1542.002
|
|
technique_name: Component Firmware
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1106
|
|
technique_name: Native API
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1105
|
|
technique_name: Ingress Tool Transfer
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1546.010
|
|
technique_name: AppInit DLLs
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1102
|
|
technique_name: Web Service
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1547.005
|
|
technique_name: Security Support Provider
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- SIEM UC 789
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-11-01T00:00:00.000Z
|
|
score: 4
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
auto_generated: false
|
|
- technique_id: T1505.003
|
|
technique_name: Web Shell
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1070.006
|
|
technique_name: Timestomp
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Tool Model X
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-11-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 4
|
|
comment: ''
|
|
auto_generated: false
|
|
- technique_id: T1095
|
|
technique_name: Non-Application Layer Protocol
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
auto_generated: false
|
|
- technique_id: T1055.012
|
|
technique_name: Process Hollowing
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1090
|
|
technique_name: Proxy
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1562.001
|
|
technique_name: Disable or Modify Tools
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1548.002
|
|
technique_name: Bypass User Access Control
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1087
|
|
technique_name: Account Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1059.001
|
|
technique_name: PowerShell
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- EDR
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-12-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: false
|
|
- technique_id: T1218.011
|
|
technique_name: Rundll32
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- EDR
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-12-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1083
|
|
technique_name: File and Directory Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1082
|
|
technique_name: System Information Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Third party product A
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2017-01-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1080
|
|
technique_name: Taint Shared Content
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1078
|
|
technique_name: Valid Accounts
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1021.002
|
|
technique_name: SMB/Windows Admin Shares
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-10-01T00:00:00.000Z
|
|
score: 0
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1021.001
|
|
technique_name: Remote Desktop Protocol
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1074
|
|
technique_name: Data Staged
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1574.002
|
|
technique_name: DLL Side-Loading
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1071.001
|
|
technique_name: Web Protocols
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- SIEM UC 123
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-11-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: false
|
|
- technique_id: T1070
|
|
technique_name: Indicator Removal on Host
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1069
|
|
technique_name: Permission Groups Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1068
|
|
technique_name: Exploitation for Privilege Escalation
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1027.005
|
|
technique_name: Indicator Removal from Tools
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1571
|
|
technique_name: Non-Standard Port
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Model B
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-10-01T00:00:00.000Z
|
|
score: 5
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
auto_generated: false
|
|
- technique_id: T1059.005
|
|
technique_name: Visual Basic
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- EDR
|
|
- AV Product
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-12-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1518.001
|
|
technique_name: Security Software Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1547.001
|
|
technique_name: Registry Run Keys / Startup Folder
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1059
|
|
technique_name: Command and Scripting Interpreter
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1574.011
|
|
technique_name: Services Registry Permissions Weakness
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1057
|
|
technique_name: Process Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1056
|
|
technique_name: Input Capture
|
|
detection:
|
|
- applicable_to:
|
|
- client endpoints
|
|
location:
|
|
- EDR
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-12-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1055
|
|
technique_name: Process Injection
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- EDR
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-12-01T00:00:00.000Z
|
|
score: 4
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1562.006
|
|
technique_name: Indicator Blocking
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1053
|
|
technique_name: Scheduled Task/Job
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1049
|
|
technique_name: System Network Connections Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1048
|
|
technique_name: Exfiltration Over Alternative Protocol
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1047
|
|
technique_name: Windows Management Instrumentation
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1546.001
|
|
technique_name: Change Default File Association
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1041
|
|
technique_name: Exfiltration Over C2 Channel
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Third party product A
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2017-01-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1040
|
|
technique_name: Network Sniffing
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1039
|
|
technique_name: Data from Network Shared Drive
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1574.001
|
|
technique_name: DLL Search Order Hijacking
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1037.005
|
|
technique_name: Boot or Logon Initialization Scripts
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Model F
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-05-07T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1036.003
|
|
technique_name: Rename System Utilities
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Model C
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-02-01T00:00:00.000Z
|
|
score: 4
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1569.002
|
|
technique_name: Service Execution
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- EDR
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-12-01T00:00:00.000Z
|
|
score: 4
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1574.007
|
|
technique_name: Path Interception by PATH Environment Variable
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1033
|
|
technique_name: System Owner/User Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Third party product A
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2017-01-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1543.003
|
|
technique_name: Windows Service
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1030
|
|
technique_name: Data Transfer Size Limits
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1029
|
|
technique_name: Scheduled Transfer
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1021.006
|
|
technique_name: Windows Remote Management
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1027
|
|
technique_name: Obfuscated Files or Information
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1025
|
|
technique_name: Data from Removable Media
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1573
|
|
technique_name: Encrypted Channel
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- EDR
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-12-01T00:00:00.000Z
|
|
score: 0
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1547.009
|
|
technique_name: Shortcut Modification
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1020
|
|
technique_name: Automated Exfiltration
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1018
|
|
technique_name: Remote System Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Third party product A
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2017-01-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1072
|
|
technique_name: Software Deployment Tools
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1016
|
|
technique_name: System Network Configuration Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1546.008
|
|
technique_name: Accessibility Features
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1547.010
|
|
technique_name: Port Monitors
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1012
|
|
technique_name: Query Registry
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1011
|
|
technique_name: Exfiltration Over Other Network Medium
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1010
|
|
technique_name: Application Window Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1008
|
|
technique_name: Fallback Channels
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1007
|
|
technique_name: System Service Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1005
|
|
technique_name: Data from Local System
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1547.004
|
|
technique_name: Winlogon Helper DLL
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1003
|
|
technique_name: OS Credential Dumping
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- EDR
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2018-12-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1560
|
|
technique_name: Archive Collected Data
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Model D
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2017-10-10T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1001
|
|
technique_name: Data Obfuscation
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1485
|
|
technique_name: Data Destruction
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1486
|
|
technique_name: Data Encrypted for Impact
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Model J
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2015-01-01T00:00:00.000Z
|
|
score: 4
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
auto_generated: false
|
|
- technique_id: T1561.001
|
|
technique_name: Disk Content Wipe
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1499
|
|
technique_name: Endpoint Denial of Service
|
|
detection:
|
|
- applicable_to:
|
|
- websites
|
|
location:
|
|
- Third party
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2015-01-01T00:00:00.000Z
|
|
score: 5
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- websites
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 4
|
|
comment: ''
|
|
auto_generated: false
|
|
- technique_id: T1490
|
|
technique_name: Inhibit System Recovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1498
|
|
technique_name: Network Denial of Service
|
|
detection:
|
|
- applicable_to:
|
|
- websites
|
|
location:
|
|
- Third party
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2015-01-01T00:00:00.000Z
|
|
score: 5
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- websites
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 4
|
|
comment: ''
|
|
auto_generated: false
|
|
- technique_id: T1496
|
|
technique_name: Resource Hijacking
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1565.003
|
|
technique_name: Runtime Data Manipulation
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1489
|
|
technique_name: Service Stop
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1027.004
|
|
technique_name: Compile After Delivery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1568.002
|
|
technique_name: Domain Generation Algorithms
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 1
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1482
|
|
technique_name: Domain Trust Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1480
|
|
technique_name: Execution Guardrails
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 4
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1497
|
|
technique_name: Virtualization/Sandbox Evasion
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-03-01T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
auto_generated: true
|
|
- technique_id: T1187
|
|
technique_name: Forced Authentication
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 1
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- technique_id: T1056.002
|
|
technique_name: GUI Input Capture
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 2
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- technique_id: T1104
|
|
technique_name: Multi-Stage Channels
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 1
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- technique_id: T1046
|
|
technique_name: Network Service Scanning
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2019-07-30T00:00:00.000Z
|
|
score: 1
|
|
comment: 'New data source: Process use of network'
|
|
auto_generated: true
|
|
- technique_id: T1001.001
|
|
technique_name: Junk Data
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1001.002
|
|
technique_name: Steganography
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1001.003
|
|
technique_name: Protocol Impersonation
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1003.001
|
|
technique_name: LSASS Memory
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1003.002
|
|
technique_name: Security Account Manager
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1003.003
|
|
technique_name: NTDS
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1003.004
|
|
technique_name: LSA Secrets
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1003.005
|
|
technique_name: Cached Domain Credentials
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1011.001
|
|
technique_name: Exfiltration Over Bluetooth
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1021
|
|
technique_name: Remote Services
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1021.005
|
|
technique_name: VNC
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1027.001
|
|
technique_name: Binary Padding
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1036
|
|
technique_name: Masquerading
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1036.001
|
|
technique_name: Invalid Code Signature
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1036.004
|
|
technique_name: Masquerade Task or Service
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1036.005
|
|
technique_name: Match Legitimate Name or Location
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1037
|
|
technique_name: Boot or Logon Initialization Scripts
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1037.001
|
|
technique_name: Logon Script (Windows)
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1037.003
|
|
technique_name: Network Logon Script
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1048.001
|
|
technique_name: Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1048.002
|
|
technique_name: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1048.003
|
|
technique_name: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1052
|
|
technique_name: Exfiltration Over Physical Medium
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1052.001
|
|
technique_name: Exfiltration over USB
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1053.002
|
|
technique_name: At (Windows)
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1053.005
|
|
technique_name: Scheduled Task
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1055.001
|
|
technique_name: Dynamic-link Library Injection
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1055.002
|
|
technique_name: Portable Executable Injection
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1055.003
|
|
technique_name: Thread Execution Hijacking
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1055.004
|
|
technique_name: Asynchronous Procedure Call
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1055.005
|
|
technique_name: Thread Local Storage
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1055.011
|
|
technique_name: Extra Window Memory Injection
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1056.001
|
|
technique_name: Keylogging
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1059.003
|
|
technique_name: Windows Command Shell
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1059.006
|
|
technique_name: Python
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1059.007
|
|
technique_name: JavaScript/JScript
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1069.001
|
|
technique_name: Local Groups
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1069.002
|
|
technique_name: Domain Groups
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1069.003
|
|
technique_name: Cloud Groups
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1070.001
|
|
technique_name: Clear Windows Event Logs
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1071
|
|
technique_name: Application Layer Protocol
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1071.002
|
|
technique_name: File Transfer Protocols
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1071.003
|
|
technique_name: Mail Protocols
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1071.004
|
|
technique_name: DNS
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- SIEM UC 128
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1074.001
|
|
technique_name: Local Data Staging
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1074.002
|
|
technique_name: Remote Data Staging
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1078.001
|
|
technique_name: Default Accounts
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1078.002
|
|
technique_name: Domain Accounts
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1078.004
|
|
technique_name: Cloud Accounts
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1087.001
|
|
technique_name: Local Account
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1087.002
|
|
technique_name: Domain Account
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1087.003
|
|
technique_name: Email Account
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1087.004
|
|
technique_name: Cloud Account
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 3
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1090.001
|
|
technique_name: Internal Proxy
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1090.002
|
|
technique_name: External Proxy
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1098.001
|
|
technique_name: Additional Azure Service Principal Credentials
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1098.002
|
|
technique_name: Exchange Email Delegate Permissions
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1098.003
|
|
technique_name: Add Office 365 Global Administrator Role
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1102.001
|
|
technique_name: Dead Drop Resolver
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1102.002
|
|
technique_name: Bidirectional Communication
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1102.003
|
|
technique_name: One-Way Communication
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1110
|
|
technique_name: Brute Force
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1110.001
|
|
technique_name: Password Guessing
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Third party product B
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1110.002
|
|
technique_name: Password Cracking
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1110.003
|
|
technique_name: Password Spraying
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- Third party product B
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 3
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1110.004
|
|
technique_name: Credential Stuffing
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1114.001
|
|
technique_name: Local Email Collection
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1114.002
|
|
technique_name: Remote Email Collection
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1114.003
|
|
technique_name: Email Forwarding Rule
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 3
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1120
|
|
technique_name: Peripheral Device Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1127.001
|
|
technique_name: MSBuild
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1132.001
|
|
technique_name: Standard Encoding
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1132.002
|
|
technique_name: Non-Standard Encoding
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1134.001
|
|
technique_name: Token Impersonation/Theft
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1134.002
|
|
technique_name: Create Process with Token
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1134.003
|
|
technique_name: Make and Impersonate Token
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1134.004
|
|
technique_name: Parent PID Spoofing
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1136.001
|
|
technique_name: Local Account
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1136.002
|
|
technique_name: Domain Account
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1136.003
|
|
technique_name: Cloud Account
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1137.001
|
|
technique_name: Office Template Macros
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1137.002
|
|
technique_name: Office Test
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1137.003
|
|
technique_name: Outlook Forms
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1137.004
|
|
technique_name: Outlook Home Page
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1137.005
|
|
technique_name: Outlook Rules
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1137.006
|
|
technique_name: Add-ins
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1190
|
|
technique_name: Exploit Public-Facing Application
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1195
|
|
technique_name: Supply Chain Compromise
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1195.002
|
|
technique_name: Compromise Software Supply Chain
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1195.003
|
|
technique_name: Compromise Hardware Supply Chain
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1197
|
|
technique_name: BITS Jobs
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1199
|
|
technique_name: Trusted Relationship
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1204.001
|
|
technique_name: Malicious Link
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1204.002
|
|
technique_name: Malicious File
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1213
|
|
technique_name: Data from Information Repositories
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1213.002
|
|
technique_name: Sharepoint
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1216.001
|
|
technique_name: PubPrn
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1218.007
|
|
technique_name: Msiexec
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1218.008
|
|
technique_name: Odbcconf
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1222.001
|
|
technique_name: Windows File and Directory Permissions Modification
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1480.001
|
|
technique_name: Environmental Keying
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1497.001
|
|
technique_name: System Checks
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1497.002
|
|
technique_name: User Activity Based Checks
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1497.003
|
|
technique_name: Time Based Evasion
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1498.001
|
|
technique_name: Direct Network Flood
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1498.002
|
|
technique_name: Reflection Amplification
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1499.001
|
|
technique_name: OS Exhaustion Flood
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1499.002
|
|
technique_name: Service Exhaustion Flood
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1499.003
|
|
technique_name: Application Exhaustion Flood
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1499.004
|
|
technique_name: Application or System Exploitation
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1505
|
|
technique_name: Server Software Component
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1518
|
|
technique_name: Software Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1526
|
|
technique_name: Cloud Service Discovery
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1528
|
|
technique_name: Steal Application Access Token
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1529
|
|
technique_name: System Shutdown/Reboot
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1530
|
|
technique_name: Data from Cloud Storage Object
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1531
|
|
technique_name: Account Access Removal
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1534
|
|
technique_name: Internal Spearphishing
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1535
|
|
technique_name: Unused/Unsupported Cloud Regions
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1537
|
|
technique_name: Transfer Data to Cloud Account
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1538
|
|
technique_name: Cloud Service Dashboard
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1542
|
|
technique_name: Pre-OS Boot
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1543
|
|
technique_name: Create or Modify System Process
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1546
|
|
technique_name: Event Triggered Execution
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1546.003
|
|
technique_name: Windows Management Instrumentation Event Subscription
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1546.013
|
|
technique_name: PowerShell Profile
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1548
|
|
technique_name: Abuse Elevation Control Mechanism
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1550
|
|
technique_name: Use Alternate Authentication Material
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1550.001
|
|
technique_name: Application Access Token
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1550.004
|
|
technique_name: Web Session Cookie
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1552
|
|
technique_name: Unsecured Credentials
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1552.005
|
|
technique_name: Cloud Instance Metadata API
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1553
|
|
technique_name: Subvert Trust Controls
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1553.004
|
|
technique_name: Install Root Certificate
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1554
|
|
technique_name: Compromise Client Software Binary
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1555
|
|
technique_name: Credentials from Password Stores
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1555.003
|
|
technique_name: Credentials from Web Browsers
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1556
|
|
technique_name: Modify Authentication Process
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1559
|
|
technique_name: Inter-Process Communication
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1559.001
|
|
technique_name: Component Object Model
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1560.001
|
|
technique_name: Archive via Utility
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1560.002
|
|
technique_name: Archive via Library
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1561
|
|
technique_name: Disk Wipe
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1561.002
|
|
technique_name: Disk Structure Wipe
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1562
|
|
technique_name: Impair Defenses
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1562.002
|
|
technique_name: Disable Windows Event Logging
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1562.004
|
|
technique_name: Disable or Modify System Firewall
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1562.007
|
|
technique_name: Disable or Modify Cloud Firewall
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1563
|
|
technique_name: Remote Service Session Hijacking
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1563.002
|
|
technique_name: RDP Hijacking
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1564
|
|
technique_name: Hide Artifacts
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1564.003
|
|
technique_name: Hidden Window
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1564.005
|
|
technique_name: Hidden File System
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1564.006
|
|
technique_name: Run Virtual Instance
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1566
|
|
technique_name: Phishing
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1567
|
|
technique_name: Exfiltration Over Web Service
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1567.001
|
|
technique_name: Exfiltration to Code Repository
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1567.002
|
|
technique_name: Exfiltration to Cloud Storage
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1568
|
|
technique_name: Dynamic Resolution
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1568.001
|
|
technique_name: Fast Flux DNS
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1568.003
|
|
technique_name: DNS Calculation
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1569
|
|
technique_name: System Services
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1570
|
|
technique_name: Lateral Tool Transfer
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1572
|
|
technique_name: Protocol Tunneling
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1573.001
|
|
technique_name: Symmetric Cryptography
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1573.002
|
|
technique_name: Asymmetric Cryptography
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1574
|
|
technique_name: Hijack Execution Flow
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 1
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1574.008
|
|
technique_name: Path Interception by Search Order Hijacking
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1574.009
|
|
technique_name: Path Interception by Unquoted Path
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1574.012
|
|
technique_name: COR_PROFILER
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 2
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1578
|
|
technique_name: Modify Cloud Compute Infrastructure
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1578.001
|
|
technique_name: Create Snapshot
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1578.002
|
|
technique_name: Create Cloud Instance
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1578.003
|
|
technique_name: Delete Cloud Instance
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|
|
- technique_id: T1578.004
|
|
technique_name: Revert Cloud Instance
|
|
detection:
|
|
- applicable_to:
|
|
- all
|
|
location:
|
|
- ''
|
|
comment: ''
|
|
score_logbook:
|
|
- date: null
|
|
score: -1
|
|
comment: ''
|
|
visibility:
|
|
- applicable_to:
|
|
- all
|
|
comment: ''
|
|
score_logbook:
|
|
- date: 2020-07-10T00:00:00.000Z
|
|
score: 4
|
|
comment: introduction of sub-techniques
|
|
auto_generated: true
|