mirror of https://github.com/MISP/misp-galaxy
chg: [mitre-attack] updated to ATT&CK v14.0 Enterprise
parent
08ac7289a6
commit
852f205c75
File diff suppressed because it is too large
Load Diff
|
|
@ -153,6 +153,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "45241b9e-9bbc-4826-a2cc-78855e51ca09",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4",
|
||||
"tags": [
|
||||
|
|
@ -181,6 +188,20 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "51ea26b1-ff1e-4faa-b1a0-1114cd298c87",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5",
|
||||
"tags": [
|
||||
|
|
@ -1853,6 +1874,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0c8ab3eb-df48-4b9c-ace7-beacaac81cc5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d",
|
||||
"tags": [
|
||||
|
|
@ -1993,6 +2021,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "887274fc-2d63-4bdc-82f3-fae56d1d5fdc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
|
||||
"tags": [
|
||||
|
|
@ -2227,6 +2262,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "28fdd23d-aee3-4afe-bc3f-5f1f52929258",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "3775a580-a1d1-46c4-8147-c614a715f2e9",
|
||||
"tags": [
|
||||
|
|
@ -2805,6 +2847,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d4dc46e3-5ba5-45b9-8204-010867cacfcb",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
|
||||
"tags": [
|
||||
|
|
@ -3350,6 +3399,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "43c9bc06-715b-42db-972f-52d25c09a20c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
|
||||
"tags": [
|
||||
|
|
@ -3941,6 +3997,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "9c306d8d-cde7-4b4c-b6e8-d0bb16caca36",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a0e6614a-7740-4b24-bd65-f1bde09fc365",
|
||||
"tags": [
|
||||
|
|
@ -4513,6 +4576,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "43c9bc06-715b-42db-972f-52d25c09a20c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "52759bf1-fe12-4052-ace6-c5b0cf7dd7fd",
|
||||
"tags": [
|
||||
|
|
@ -4863,6 +4933,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0c8ab3eb-df48-4b9c-ace7-beacaac81cc5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5",
|
||||
"tags": [
|
||||
|
|
@ -4954,6 +5031,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "35d30338-5bfa-41b0-a170-ec06dfd75f64",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
|
||||
"tags": [
|
||||
|
|
@ -4968,6 +5052,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "45241b9e-9bbc-4826-a2cc-78855e51ca09",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179",
|
||||
"tags": [
|
||||
|
|
@ -5010,6 +5101,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "562e9b64-7239-493d-80f4-2bff900d9054",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92",
|
||||
"tags": [
|
||||
|
|
@ -5052,6 +5150,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf",
|
||||
"tags": [
|
||||
|
|
@ -5073,6 +5178,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6fa224c7-5091-4595-bf15-3fc9fe2f2c7c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "70857657-bd0b-4695-ad3e-b13f92cac1b4",
|
||||
"tags": [
|
||||
|
|
@ -5143,6 +5255,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "851e071f-208d-4c79-adc6-5974c85c78f3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8565825b-21c8-4518-b75e-cbc4c717a156",
|
||||
"tags": [
|
||||
|
|
@ -5150,6 +5269,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "866d0d6d-02c6-42bd-aa2f-02907fdc0969",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d",
|
||||
"tags": [
|
||||
|
|
@ -5297,6 +5423,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ca00366b-83a1-4c7b-a0ce-8ff950a7c87f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "cacc40da-4c9e-462c-80d5-fd70a178b12d",
|
||||
"tags": [
|
||||
|
|
@ -5535,6 +5668,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c9e0c59e-162e-40a4-b8b1-78fab4329ada",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b",
|
||||
"tags": [
|
||||
|
|
@ -6073,6 +6213,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517",
|
||||
"tags": [
|
||||
|
|
@ -6416,6 +6563,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "cfb525cc-5494-401d-a82b-2539ca46a561",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4",
|
||||
"tags": [
|
||||
|
|
@ -7090,6 +7244,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1",
|
||||
"tags": [
|
||||
|
|
@ -7841,6 +8002,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "43f2776f-b4bd-4118-94b8-fee47e69676d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5",
|
||||
"tags": [
|
||||
|
|
@ -8586,6 +8754,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "35d30338-5bfa-41b0-a170-ec06dfd75f64",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4ffc1794-ec3b-45be-9e52-42dbcb2af2de",
|
||||
"tags": [
|
||||
|
|
@ -8937,6 +9112,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "5abfc5e6-3c56-49e7-ad72-502d01acf28b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d",
|
||||
"tags": [
|
||||
|
|
@ -9075,6 +9257,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490",
|
||||
"tags": [
|
||||
|
|
@ -9400,6 +9589,13 @@
|
|||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0b761f2b-197a-40f2-b100-8152cb957c0c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0cdd66ad-26ac-4338-a764-4972a1e17ee3",
|
||||
"tags": [
|
||||
|
|
@ -9414,6 +9610,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "114fed8b-7eed-4136-8b9c-411c5c7fff4b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
|
||||
"tags": [
|
||||
|
|
@ -9484,6 +9687,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "5abfc5e6-3c56-49e7-ad72-502d01acf28b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
|
||||
"tags": [
|
||||
|
|
@ -9547,6 +9757,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "9ef14445-6f35-4ed0-a042-5024f13a9242",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad",
|
||||
"tags": [
|
||||
|
|
@ -9610,6 +9827,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "defc1257-4db1-4fb3-8ef5-bb77f63146df",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
|
||||
"tags": [
|
||||
|
|
@ -9652,6 +9876,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f856eaab-e84a-4265-a8a2-7bf37e5dc2fc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "fcb11f06-ce0e-490b-bcc1-04a1623579f0",
|
||||
"tags": [
|
||||
|
|
@ -9672,6 +9903,13 @@
|
|||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0b761f2b-197a-40f2-b100-8152cb957c0c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "20b0931a-8952-42ca-975f-775bad295f1a",
|
||||
"tags": [
|
||||
|
|
@ -9686,6 +9924,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "28fdd23d-aee3-4afe-bc3f-5f1f52929258",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
|
||||
"tags": [
|
||||
|
|
@ -9787,7 +10032,7 @@
|
|||
"external_id": "M1014",
|
||||
"refs": [
|
||||
"https://attack.mitre.org/mitigations/M1014",
|
||||
"https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf"
|
||||
"https://web.archive.org/web/20200330012714/https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
|
@ -10216,6 +10461,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517",
|
||||
"tags": [
|
||||
|
|
@ -10237,6 +10489,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6a5d222a-a7e0-4656-b110-782c33098289",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530",
|
||||
"tags": [
|
||||
|
|
@ -10258,6 +10517,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "851e071f-208d-4c79-adc6-5974c85c78f3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a",
|
||||
"tags": [
|
||||
|
|
@ -10328,6 +10594,20 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bb5e59c4-abe7-40c7-8196-e373cb1e5974",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f",
|
||||
"tags": [
|
||||
|
|
@ -10335,6 +10615,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "c9e0c59e-162e-40a4-b8b1-78fab4329ada",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213",
|
||||
"tags": [
|
||||
|
|
@ -11454,6 +11741,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "52759bf1-fe12-4052-ace6-c5b0cf7dd7fd",
|
||||
"tags": [
|
||||
|
|
@ -11475,6 +11769,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "824add00-99a1-4b15-9a2d-6c5683b7b497",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a",
|
||||
"tags": [
|
||||
|
|
@ -12616,6 +12917,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597",
|
||||
"tags": [
|
||||
|
|
@ -12637,6 +12945,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "887274fc-2d63-4bdc-82f3-fae56d1d5fdc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736",
|
||||
"tags": [
|
||||
|
|
@ -12711,6 +13026,26 @@
|
|||
"uuid": "a6a47a06-08fc-4ec4-bdc3-20373375ebb9",
|
||||
"value": "Antivirus/Antimalware - M1049"
|
||||
},
|
||||
{
|
||||
"description": "Mobile security products, such as Mobile Threat Defense (MTD), offer various device-based mitigations against certain behaviors.",
|
||||
"meta": {
|
||||
"external_id": "M1058",
|
||||
"refs": [
|
||||
"https://attack.mitre.org/mitigations/M1058"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "defc1257-4db1-4fb3-8ef5-bb77f63146df",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
}
|
||||
],
|
||||
"uuid": "78671282-26aa-486c-a7a5-5921e1616b58",
|
||||
"value": "Antivirus/Antimalware - M1058"
|
||||
},
|
||||
{
|
||||
"description": "Enable remote attestation capabilities when available (such as Android SafetyNet or Samsung Knox TIMA Attestation) and prohibit devices that fail the attestation from accessing enterprise resources.",
|
||||
"meta": {
|
||||
|
|
@ -13055,6 +13390,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "562e9b64-7239-493d-80f4-2bff900d9054",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92",
|
||||
"tags": [
|
||||
|
|
@ -13279,6 +13621,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ca00366b-83a1-4c7b-a0ce-8ff950a7c87f",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1",
|
||||
"tags": [
|
||||
|
|
@ -13321,6 +13670,13 @@
|
|||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ea071aa0-8f17-416f-ab0d-2bab7e79003d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "mitigates"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf",
|
||||
"tags": [
|
||||
|
|
@ -13375,5 +13731,5 @@
|
|||
"value": "Audit - M1047"
|
||||
}
|
||||
],
|
||||
"version": 26
|
||||
"version": 27
|
||||
}
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
|
@ -2021,6 +2021,13 @@
|
|||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "0c8ab3eb-df48-4b9c-ace7-beacaac81cc5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
|
||||
"tags": [
|
||||
|
|
@ -2289,6 +2296,64 @@
|
|||
"uuid": "2e45723a-31da-4a7e-aaa6-e01998a6788f",
|
||||
"value": "Tasklist - S0057"
|
||||
},
|
||||
{
|
||||
"description": "[ngrok](https://attack.mitre.org/software/S0508) is a legitimate reverse proxy tool that can create a secure tunnel to servers located behind firewalls or on local machines that do not have a public IP. [ngrok](https://attack.mitre.org/software/S0508) has been leveraged by threat actors in several campaigns including use for lateral movement and data exfiltration.(Citation: Zdnet Ngrok September 2018)(Citation: FireEye Maze May 2020)(Citation: Cyware Ngrok May 2019)(Citation: MalwareBytes LazyScripter Feb 2021)",
|
||||
"meta": {
|
||||
"external_id": "S0508",
|
||||
"mitre_platforms": [
|
||||
"Windows"
|
||||
],
|
||||
"refs": [
|
||||
"https://attack.mitre.org/software/S0508",
|
||||
"https://cyware.com/news/cyber-attackers-leverage-tunneling-service-to-drop-lokibot-onto-victims-systems-6f610e44",
|
||||
"https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html",
|
||||
"https://www.malwarebytes.com/resources/files/2021/02/lazyscripter.pdf",
|
||||
"https://www.zdnet.com/article/sly-malware-author-hides-cryptomining-botnet-behind-ever-shifting-proxy-service/"
|
||||
],
|
||||
"synonyms": [
|
||||
"ngrok"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2f7f03bb-f367-4a5a-ad9b-310a12a48906",
|
||||
"value": "ngrok - S0508"
|
||||
},
|
||||
{
|
||||
"description": "[NBTscan](https://attack.mitre.org/software/S0590) is an open source tool that has been used by state groups to conduct internal reconnaissance within a compromised network.(Citation: Debian nbtscan Nov 2019)(Citation: SecTools nbtscan June 2003)(Citation: Symantec Waterbug Jun 2019)(Citation: FireEye APT39 Jan 2019)",
|
||||
"meta": {
|
||||
|
|
@ -2647,6 +2712,173 @@
|
|||
"uuid": "c9cd7ec9-40b7-49db-80be-1399eddd9c52",
|
||||
"value": "Cachedump - S0119"
|
||||
},
|
||||
{
|
||||
"description": "Pacu is an open-source AWS exploitation framework. The tool is written in Python and publicly available on GitHub.(Citation: GitHub Pacu)",
|
||||
"meta": {
|
||||
"external_id": "S1091",
|
||||
"mitre_platforms": [
|
||||
"IaaS"
|
||||
],
|
||||
"refs": [
|
||||
"https://attack.mitre.org/software/S1091",
|
||||
"https://github.com/RhinoSecurityLabs/pacu"
|
||||
],
|
||||
"synonyms": [
|
||||
"Pacu"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "16e94db9-b5b1-4cd0-b851-f38fbd0a70f2",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "55bb4471-ff1f-43b4-88c1-c9384ec47abf",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "57a3d31a-d04f-4663-b2da-7df8ec3f8c9d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "77532a55-c283-4cd2-bc5d-2d0b65e9d88c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8565825b-21c8-4518-b75e-cbc4c717a156",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "866d0d6d-02c6-42bd-aa2f-02907fdc0969",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8f104855-e5b7-4077-b1f5-bc3103b41abe",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "cacc40da-4c9e-462c-80d5-fd70a178b12d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "cfb525cc-5494-401d-a82b-2539ca46a561",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d94b3ae9-8059-4989-8e9f-ea0f601f80a7",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e24fcba8-2557-4442-a139-1ee2f2e784db",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e848506b-8484-4410-8017-3d235a52f5b3",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ed2e45f9-d338-4eb2-8ce5-3a2e03323bc1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "1b3b8f96-43b1-4460-8e02-1f53d7802fb9",
|
||||
"value": "Pacu - S1091"
|
||||
},
|
||||
{
|
||||
"description": "[Winexe](https://attack.mitre.org/software/S0191) is a lightweight, open source tool similar to [PsExec](https://attack.mitre.org/software/S0029) designed to allow system administrators to execute commands on remote servers. (Citation: Winexe Github Sept 2013) [Winexe](https://attack.mitre.org/software/S0191) is unique in that it is a GNU/Linux based client. (Citation: Überwachung APT28 Forfiles June 2015)",
|
||||
"meta": {
|
||||
|
|
@ -3074,6 +3306,13 @@
|
|||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88",
|
||||
"tags": [
|
||||
|
|
@ -3754,6 +3993,119 @@
|
|||
"uuid": "d8d19e33-94fd-4aa3-b94a-08ee801a2153",
|
||||
"value": "SDelete - S0195"
|
||||
},
|
||||
{
|
||||
"description": "[AsyncRAT](https://attack.mitre.org/software/S1087) is an open-source remote access tool originally available through the NYANxCAT Github repository that has been used in malicious campaigns.(Citation: Morphisec Snip3 May 2021)(Citation: Cisco Operation Layover September 2021)(Citation: Telefonica Snip3 December 2021)",
|
||||
"meta": {
|
||||
"external_id": "S1087",
|
||||
"mitre_platforms": [
|
||||
"Windows"
|
||||
],
|
||||
"refs": [
|
||||
"https://attack.mitre.org/software/S1087",
|
||||
"https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader",
|
||||
"https://blog.talosintelligence.com/operation-layover-how-we-tracked-attack/",
|
||||
"https://telefonicatech.com/blog/snip3-investigacion-malware"
|
||||
],
|
||||
"synonyms": [
|
||||
"AsyncRAT"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e4dc8c01-417f-458d-9ee0-bb0617c1b391",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "6a5947f3-1a36-4653-8734-526df3e1d28d",
|
||||
"value": "AsyncRAT - S1087"
|
||||
},
|
||||
{
|
||||
"description": "[MimiPenguin](https://attack.mitre.org/software/S0179) is a credential dumper, similar to [Mimikatz](https://attack.mitre.org/software/S0002), designed specifically for Linux platforms. (Citation: MimiPenguin GitHub May 2017)",
|
||||
"meta": {
|
||||
|
|
@ -6640,6 +6992,13 @@
|
|||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "54ca26f3-c172-4231-93e5-ccebcac2161f",
|
||||
"tags": [
|
||||
|
|
@ -6880,5 +7239,5 @@
|
|||
"value": "Mythic - S0699"
|
||||
}
|
||||
],
|
||||
"version": 28
|
||||
"version": 29
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue