misp-galaxy/galaxies/mitre-attack-pattern.json

197 lines
4.4 KiB
JSON
Raw Normal View History

2017-08-16 12:17:00 +02:00
{
2017-10-26 10:28:53 +02:00
"description": "ATT&CK Tactic",
"icon": "map",
"kill_chain_order": {
"attack-Azure-AD": [
"initial-access",
"execution",
"persistence",
"privilege-escalation",
"defense-evasion",
"credential-access",
"discovery",
"lateral-movement",
"impact"
],
"attack-Containers": [
"initial-access",
"execution",
"persistence",
"privilege-escalation",
"defense-evasion",
"credential-access",
"discovery",
"lateral-movement",
"impact"
],
"attack-Google-Workspace": [
"initial-access",
"execution",
"persistence",
"privilege-escalation",
"defense-evasion",
"credential-access",
"discovery",
"lateral-movement",
"collection",
"exfiltration",
"impact"
],
"attack-IaaS": [
"initial-access",
"execution",
"persistence",
"privilege-escalation",
"defense-evasion",
"credential-access",
"discovery",
"lateral-movement",
"collection",
"exfiltration",
"impact"
],
"attack-Linux": [
"initial-access",
"execution",
"persistence",
"privilege-escalation",
"defense-evasion",
"credential-access",
"discovery",
"lateral-movement",
"collection",
"command-and-control",
"exfiltration",
"impact"
],
"attack-Network": [
"initial-access",
"execution",
"persistence",
"privilege-escalation",
"defense-evasion",
"credential-access",
"discovery",
"lateral-movement",
"collection",
"command-and-control",
"exfiltration",
"impact"
],
"attack-Office-365": [
"initial-access",
"execution",
"persistence",
"privilege-escalation",
"defense-evasion",
"credential-access",
"discovery",
"lateral-movement",
"collection",
"exfiltration",
"impact"
],
"attack-PRE": [
"reconnaissance",
"resource-development"
],
"attack-SaaS": [
"initial-access",
"execution",
"persistence",
"privilege-escalation",
"defense-evasion",
"credential-access",
"discovery",
"lateral-movement",
"collection",
"exfiltration",
"impact"
],
"attack-Windows": [
"initial-access",
"execution",
"persistence",
"privilege-escalation",
"defense-evasion",
"credential-access",
"discovery",
"lateral-movement",
"collection",
"command-and-control",
"exfiltration",
"impact"
],
"attack-macOS": [
"initial-access",
2019-02-15 09:13:47 +01:00
"execution",
"persistence",
"privilege-escalation",
"defense-evasion",
"credential-access",
"discovery",
"lateral-movement",
"collection",
"command-and-control",
"exfiltration",
"impact"
],
"mobile-attack-Android": [
"initial-access",
"execution",
"persistence",
"privilege-escalation",
"defense-evasion",
"credential-access",
"discovery",
"lateral-movement",
"collection",
"command-and-control",
"exfiltration",
"impact",
"network-effects",
"remote-service-effects"
],
"mobile-attack-iOS": [
"initial-access",
"execution",
"persistence",
"privilege-escalation",
"defense-evasion",
"credential-access",
"discovery",
"lateral-movement",
"collection",
"command-and-control",
"exfiltration",
"impact",
2019-02-15 09:13:47 +01:00
"network-effects",
"remote-service-effects"
],
"pre-attack": [
2019-02-15 09:13:47 +01:00
"priority-definition-planning",
"priority-definition-direction",
"target-selection",
"technical-information-gathering",
"people-information-gathering",
"organizational-information-gathering",
"technical-weakness-identification",
"people-weakness-identification",
"organizational-weakness-identification",
"adversary-opsec",
"establish-&-maintain-infrastructure",
"persona-development",
"build-capabilities",
"test-capabilities",
"stage-capabilities",
"launch",
"compromise"
]
},
2019-02-15 09:13:47 +01:00
"name": "Attack Pattern",
"namespace": "mitre-attack",
"type": "mitre-attack-pattern",
"uuid": "c4e851fa-775f-11e7-8163-b774922098cd",
"version": 10
2017-10-26 10:28:53 +02:00
}