chg: [mitre attack] updated to the latest version

main
Alexandre Dulaunoy 2024-11-28 17:56:25 +01:00
parent f104c647b7
commit a5fd2de2d9
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
9 changed files with 7163 additions and 1098 deletions

View File

@ -287,7 +287,7 @@ Category: *course-of-action* - source: *https://github.com/mitre-atlas/atlas-nav
[Attack Pattern](https://www.misp-galaxy.org/mitre-attack-pattern) - ATT&CK tactic
Category: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *1141* elements
Category: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *1160* elements
[[HTML](https://www.misp-galaxy.org/mitre-attack-pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-attack-pattern.json)]
@ -295,7 +295,7 @@ Category: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *11
[Course of Action](https://www.misp-galaxy.org/mitre-course-of-action) - ATT&CK Mitigation
Category: *course-of-action* - source: *https://github.com/mitre/cti* - total: *281* elements
Category: *course-of-action* - source: *https://github.com/mitre/cti* - total: *282* elements
[[HTML](https://www.misp-galaxy.org/mitre-course-of-action)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-course-of-action.json)]
@ -375,7 +375,7 @@ Category: *attack-pattern* - source: *https://collaborate.mitre.org/attackics/in
[Intrusion Set](https://www.misp-galaxy.org/mitre-intrusion-set) - Name of ATT&CK Group
Category: *actor* - source: *https://github.com/mitre/cti* - total: *165* elements
Category: *actor* - source: *https://github.com/mitre/cti* - total: *176* elements
[[HTML](https://www.misp-galaxy.org/mitre-intrusion-set)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-intrusion-set.json)]
@ -383,7 +383,7 @@ Category: *actor* - source: *https://github.com/mitre/cti* - total: *165* elemen
[Malware](https://www.misp-galaxy.org/mitre-malware) - Name of ATT&CK software
Category: *tool* - source: *https://github.com/mitre/cti* - total: *705* elements
Category: *tool* - source: *https://github.com/mitre/cti* - total: *735* elements
[[HTML](https://www.misp-galaxy.org/mitre-malware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-malware.json)]
@ -391,7 +391,7 @@ Category: *tool* - source: *https://github.com/mitre/cti* - total: *705* element
[mitre-tool](https://www.misp-galaxy.org/mitre-tool) - Name of ATT&CK software
Category: *tool* - source: *https://github.com/mitre/cti* - total: *87* elements
Category: *tool* - source: *https://github.com/mitre/cti* - total: *90* elements
[[HTML](https://www.misp-galaxy.org/mitre-tool)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-tool.json)]

File diff suppressed because it is too large Load Diff

View File

@ -222,6 +222,10 @@
"dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade",
"type": "mitigates"
},
{
"dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd",
"type": "mitigates"
},
{
"dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736",
"type": "mitigates"
@ -234,6 +238,10 @@
"dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82",
"type": "mitigates"
},
{
"dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27",
"type": "mitigates"
},
{
"dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829",
"type": "mitigates"
@ -266,6 +274,10 @@
"dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213",
"type": "mitigates"
},
{
"dest-uuid": "cc279e50-df85-4c8e-be80-6dc2eda8849c",
"type": "mitigates"
},
{
"dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf",
"type": "mitigates"
@ -777,6 +789,10 @@
"dest-uuid": "43ba2b05-cf72-4b6c-8243-03a4aba41ee0",
"type": "mitigates"
},
{
"dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179",
"type": "mitigates"
},
{
"dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8",
"type": "mitigates"
@ -837,6 +853,10 @@
"dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc",
"type": "mitigates"
},
{
"dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27",
"type": "mitigates"
},
{
"dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776",
"type": "mitigates"
@ -1586,6 +1606,10 @@
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "mitigates"
},
{
"dest-uuid": "b577dfc1-0177-4522-8d5a-782127c8592b",
"type": "mitigates"
},
{
"dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0",
"type": "mitigates"
@ -2664,6 +2688,49 @@
"uuid": "337172b1-b003-4034-8a3f-1d89a71da628",
"value": "Runtime Data Manipulation Mitigation - T1494"
},
{
"description": "Establish secure out-of-band communication channels to ensure the continuity of critical communications during security incidents, data integrity attacks, or in-network communication failures. Out-of-band communication refers to using an alternative, separate communication path that is not dependent on the potentially compromised primary network infrastructure. This method can include secure messaging apps, encrypted phone lines, satellite communications, or dedicated emergency communication systems. Leveraging these alternative channels reduces the risk of adversaries intercepting, disrupting, or tampering with sensitive communications and helps coordinate an effective incident response.(Citation: TrustedSec OOB Communications)(Citation: NIST Special Publication 800-53 Revision 5)",
"meta": {
"external_id": "M1060",
"refs": [
"https://attack.mitre.org/mitigations/M1060",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf",
"https://trustedsec.com/blog/to-oob-or-not-to-oob-why-out-of-band-communications-are-essential-for-incident-response"
]
},
"related": [
{
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
"type": "mitigates"
},
{
"dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004",
"type": "mitigates"
},
{
"dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b",
"type": "mitigates"
},
{
"dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0",
"type": "mitigates"
},
{
"dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a",
"type": "mitigates"
},
{
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
"type": "mitigates"
},
{
"dest-uuid": "fb75213f-cfb0-40bf-a02f-3bad93d6601e",
"type": "mitigates"
}
],
"uuid": "80a0e940-f683-4fbd-ac00-e9f935f2f808",
"value": "Out-of-Band Communications Channel - M1060"
},
{
"description": "Disable LLMNR and NetBIOS in local computer security settings or by group policy if they are not needed within an environment. (Citation: ADSecurity Windows Secure Baseline)\n\nUse host-based security software to block LLMNR/NetBIOS traffic. Enabling SMB Signing can stop NTLMv2 relay attacks.(Citation: byt3bl33d3r NTLM Relaying)(Citation: Secure Ideas SMB Relay)(Citation: Microsoft SMB Packet Signing)",
"meta": {
@ -2693,6 +2760,10 @@
"dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d",
"type": "mitigates"
},
{
"dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff",
"type": "mitigates"
},
{
"dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd",
"type": "mitigates"
@ -2717,6 +2788,10 @@
"dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4",
"type": "mitigates"
},
{
"dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8",
"type": "mitigates"
},
{
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
"type": "mitigates"
@ -2765,6 +2840,10 @@
"dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b",
"type": "mitigates"
},
{
"dest-uuid": "cc279e50-df85-4c8e-be80-6dc2eda8849c",
"type": "mitigates"
},
{
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
"type": "mitigates"
@ -2788,6 +2867,10 @@
{
"dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7",
"type": "mitigates"
},
{
"dest-uuid": "ff25900d-76d5-449b-a351-8824e62fc81b",
"type": "mitigates"
}
],
"uuid": "21da4fd4-27ad-4e9c-b93d-0b9b14d02c96",
@ -3176,6 +3259,10 @@
"dest-uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad",
"type": "mitigates"
},
{
"dest-uuid": "130d4494-b2d6-4040-bcea-6e59f05222fe",
"type": "mitigates"
},
{
"dest-uuid": "191cc6af-1bb2-4344-ab5f-28e496638720",
"type": "mitigates"
@ -3304,6 +3391,10 @@
"dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72",
"type": "mitigates"
},
{
"dest-uuid": "241f9ea8-f6ae-4f38-92f5-cef5b7e539dd",
"type": "mitigates"
},
{
"dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41",
"type": "mitigates"
@ -3324,6 +3415,10 @@
"dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7",
"type": "mitigates"
},
{
"dest-uuid": "48b836c6-e4ca-435a-82a3-29c03e5b492e",
"type": "mitigates"
},
{
"dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466",
"type": "mitigates"
@ -3634,6 +3729,10 @@
"dest-uuid": "d273434a-448e-4598-8e14-607f4a0d5e27",
"type": "mitigates"
},
{
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
"type": "mitigates"
},
{
"dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24",
"type": "mitigates"
@ -3655,7 +3754,7 @@
"value": "Encrypt Sensitive Information - M1041"
},
{
"description": "Configure Active Directory to prevent use of certain techniques; use SID Filtering, etc.",
"description": "Implement robust Active Directory configurations using group policies to control access and reduce the attack surface. Specific examples include:\n\n* Account Configuration: Use provisioned domain accounts rather than local accounts to leverage centralized control and auditing capabilities.\n* Interactive Logon Restrictions: Enforce group policies that prohibit interactive logons for accounts that should not directly access systems.\n* Remote Desktop Settings: Limit Remote Desktop logons to authorized accounts to prevent misuse by adversaries.\n* Dedicated Administrative Accounts: Create specialized domain-wide accounts that are restricted from interactive logons but can perform specific tasks like installations or repository access.\n* Authentication Silos: Configure Authentication Silos in Active Directory to create access zones with restrictions based on membership in the Protected Users global security group. This setup enhances security by applying additional protections to high-risk accounts, limiting their exposure to potential attacks.",
"meta": {
"external_id": "M1015",
"refs": [
@ -3842,6 +3941,14 @@
"dest-uuid": "0c8ab3eb-df48-4b9c-ace7-beacaac81cc5",
"type": "mitigates"
},
{
"dest-uuid": "0ce73446-8722-4086-9d43-514f1d0f669e",
"type": "mitigates"
},
{
"dest-uuid": "1001e0d6-ee09-4dfc-aa90-e9320ffc8fe4",
"type": "mitigates"
},
{
"dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5",
"type": "mitigates"
@ -3862,6 +3969,10 @@
"dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b",
"type": "mitigates"
},
{
"dest-uuid": "24769ab5-14bd-4f4e-a752-cfb185da53ee",
"type": "mitigates"
},
{
"dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32",
"type": "mitigates"
@ -3886,6 +3997,14 @@
"dest-uuid": "2de47683-f398-448f-b947-9abcc3e32fad",
"type": "mitigates"
},
{
"dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597",
"type": "mitigates"
},
{
"dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21",
"type": "mitigates"
},
{
"dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529",
"type": "mitigates"
@ -3906,6 +4025,14 @@
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "mitigates"
},
{
"dest-uuid": "3f18edba-28f4-4bb9-82c3-8aa60dcac5f7",
"type": "mitigates"
},
{
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
"type": "mitigates"
},
{
"dest-uuid": "45241b9e-9bbc-4826-a2cc-78855e51ca09",
"type": "mitigates"
@ -3950,6 +4077,10 @@
"dest-uuid": "57a3d31a-d04f-4663-b2da-7df8ec3f8c9d",
"type": "mitigates"
},
{
"dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8",
"type": "mitigates"
},
{
"dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5",
"type": "mitigates"
@ -4122,6 +4253,14 @@
"dest-uuid": "b4409cd8-0da9-46e1-a401-a241afd4d1cc",
"type": "mitigates"
},
{
"dest-uuid": "bbfbb096-6561-4d7d-aa2c-a5ee8e44c696",
"type": "mitigates"
},
{
"dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f",
"type": "mitigates"
},
{
"dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7",
"type": "mitigates"
@ -4154,10 +4293,18 @@
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
"type": "mitigates"
},
{
"dest-uuid": "d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0",
"type": "mitigates"
},
{
"dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb",
"type": "mitigates"
},
{
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
"type": "mitigates"
},
{
"dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6",
"type": "mitigates"
@ -4218,10 +4365,18 @@
"dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
"type": "mitigates"
},
{
"dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317",
"type": "mitigates"
},
{
"dest-uuid": "f8ef3a62-3f44-40a4-abca-761ab235c436",
"type": "mitigates"
},
{
"dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2",
"type": "mitigates"
},
{
"dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335",
"type": "mitigates"
@ -5310,10 +5465,18 @@
"dest-uuid": "3f18edba-28f4-4bb9-82c3-8aa60dcac5f7",
"type": "mitigates"
},
{
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
"type": "mitigates"
},
{
"dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414",
"type": "mitigates"
},
{
"dest-uuid": "afddee82-3385-4682-ad90-eeced33f2d07",
"type": "mitigates"
},
{
"dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0",
"type": "mitigates"
@ -5347,6 +5510,14 @@
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"type": "mitigates"
},
{
"dest-uuid": "394220d9-8efc-4252-9040-664f7b115be6",
"type": "mitigates"
},
{
"dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a",
"type": "mitigates"
},
{
"dest-uuid": "4ffc1794-ec3b-45be-9e52-42dbcb2af2de",
"type": "mitigates"
@ -5477,6 +5648,10 @@
"dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119",
"type": "mitigates"
},
{
"dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814",
"type": "mitigates"
},
{
"dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c",
"type": "mitigates"
@ -5497,6 +5672,14 @@
"dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc",
"type": "mitigates"
},
{
"dest-uuid": "e848506b-8484-4410-8017-3d235a52f5b3",
"type": "mitigates"
},
{
"dest-uuid": "f005e783-57d4-4837-88ad-dbe7faee1c51",
"type": "mitigates"
},
{
"dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65",
"type": "mitigates"
@ -5550,6 +5733,10 @@
"dest-uuid": "19bf235b-8620-4997-b5b4-94e0659ed7c3",
"type": "mitigates"
},
{
"dest-uuid": "241f9ea8-f6ae-4f38-92f5-cef5b7e539dd",
"type": "mitigates"
},
{
"dest-uuid": "2bee5ffb-7a7a-4119-b1f2-158151b19ac0",
"type": "mitigates"
@ -5827,6 +6014,10 @@
]
},
"related": [
{
"dest-uuid": "49fca0d2-685d-41eb-8bd4-05451cc3a742",
"type": "mitigates"
},
{
"dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852",
"type": "mitigates"
@ -5865,6 +6056,10 @@
"dest-uuid": "43f2776f-b4bd-4118-94b8-fee47e69676d",
"type": "mitigates"
},
{
"dest-uuid": "7c46b364-8496-4234-8a56-f7e6727e21e1",
"type": "mitigates"
},
{
"dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5",
"type": "mitigates"
@ -6599,6 +6794,10 @@
"dest-uuid": "54ca26f3-c172-4231-93e5-ccebcac2161f",
"type": "mitigates"
},
{
"dest-uuid": "6151cbea-819b-455a-9fa6-99a1cc58797d",
"type": "mitigates"
},
{
"dest-uuid": "635cbe30-392d-4e27-978e-66774357c762",
"type": "mitigates"
@ -6651,6 +6850,10 @@
"dest-uuid": "ae7f3575-0a5e-427e-991b-fe03ad44c754",
"type": "mitigates"
},
{
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
"type": "mitigates"
},
{
"dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc",
"type": "mitigates"
@ -6683,6 +6886,10 @@
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
"type": "mitigates"
},
{
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
"type": "mitigates"
},
{
"dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605",
"type": "mitigates"
@ -6714,6 +6921,10 @@
{
"dest-uuid": "fc74ba38-dc98-461f-8611-b3dbf9978e3d",
"type": "mitigates"
},
{
"dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2",
"type": "mitigates"
}
],
"uuid": "b045d015-6bed-4490-bd38-56b41ece59a0",
@ -7442,6 +7653,10 @@
"dest-uuid": "0ad7bc5c-235a-4048-944b-3b286676cb74",
"type": "mitigates"
},
{
"dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff",
"type": "mitigates"
},
{
"dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073",
"type": "mitigates"
@ -7494,6 +7709,10 @@
"dest-uuid": "52759bf1-fe12-4052-ace6-c5b0cf7dd7fd",
"type": "mitigates"
},
{
"dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8",
"type": "mitigates"
},
{
"dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b",
"type": "mitigates"
@ -7542,6 +7761,10 @@
"dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00",
"type": "mitigates"
},
{
"dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
"type": "mitigates"
},
{
"dest-uuid": "bf147104-abf9-4221-95d1-e81585859441",
"type": "mitigates"
@ -7562,10 +7785,6 @@
"dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b",
"type": "mitigates"
},
{
"dest-uuid": "e8a0a025-3601-4755-abfb-8d08283329fb",
"type": "mitigates"
},
{
"dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5",
"type": "mitigates"
@ -7680,6 +7899,10 @@
"dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597",
"type": "mitigates"
},
{
"dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21",
"type": "mitigates"
},
{
"dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8",
"type": "mitigates"
@ -7692,10 +7915,18 @@
"dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517",
"type": "mitigates"
},
{
"dest-uuid": "48b836c6-e4ca-435a-82a3-29c03e5b492e",
"type": "mitigates"
},
{
"dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47",
"type": "mitigates"
},
{
"dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8",
"type": "mitigates"
},
{
"dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90",
"type": "mitigates"
@ -7768,6 +7999,10 @@
"dest-uuid": "bb5e59c4-abe7-40c7-8196-e373cb1e5974",
"type": "mitigates"
},
{
"dest-uuid": "bbfbb096-6561-4d7d-aa2c-a5ee8e44c696",
"type": "mitigates"
},
{
"dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f",
"type": "mitigates"
@ -7792,6 +8027,10 @@
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
"type": "mitigates"
},
{
"dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605",
"type": "mitigates"
},
{
"dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534",
"type": "mitigates"
@ -7823,6 +8062,10 @@
{
"dest-uuid": "f870408c-b1cd-49c7-a5c7-0ef0fc496cc6",
"type": "mitigates"
},
{
"dest-uuid": "fb75213f-cfb0-40bf-a02f-3bad93d6601e",
"type": "mitigates"
}
],
"uuid": "2a4f6c11-a4a7-4cb9-b0ef-6ae1bb3a718a",
@ -8027,6 +8270,10 @@
"dest-uuid": "b8017880-4b1e-42de-ad10-ae7ac6705166",
"type": "mitigates"
},
{
"dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f",
"type": "mitigates"
},
{
"dest-uuid": "d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4",
"type": "mitigates"
@ -8105,6 +8352,10 @@
"dest-uuid": "0cfe31a7-81fc-472c-bc45-e2808d1066a3",
"type": "mitigates"
},
{
"dest-uuid": "1001e0d6-ee09-4dfc-aa90-e9320ffc8fe4",
"type": "mitigates"
},
{
"dest-uuid": "1988cc35-ced8-4dad-b2d1-7628488fa967",
"type": "mitigates"
@ -8255,6 +8506,10 @@
"dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665",
"type": "mitigates"
},
{
"dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179",
"type": "mitigates"
},
{
"dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49",
"type": "mitigates"
@ -8355,6 +8610,10 @@
"dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6",
"type": "mitigates"
},
{
"dest-uuid": "afddee82-3385-4682-ad90-eeced33f2d07",
"type": "mitigates"
},
{
"dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839",
"type": "mitigates"
@ -8460,10 +8719,18 @@
"dest-uuid": "0ad7bc5c-235a-4048-944b-3b286676cb74",
"type": "mitigates"
},
{
"dest-uuid": "0ce73446-8722-4086-9d43-514f1d0f669e",
"type": "mitigates"
},
{
"dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3",
"type": "mitigates"
},
{
"dest-uuid": "0ff59227-8aa8-4c09-bf1f-925605bd07ea",
"type": "mitigates"
},
{
"dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5",
"type": "mitigates"
@ -8548,6 +8815,10 @@
"dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7",
"type": "mitigates"
},
{
"dest-uuid": "bbfbb096-6561-4d7d-aa2c-a5ee8e44c696",
"type": "mitigates"
},
{
"dest-uuid": "c3c8c916-2f3c-4e71-94b2-240bdfc996f0",
"type": "mitigates"
@ -8560,6 +8831,10 @@
"dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a",
"type": "mitigates"
},
{
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
"type": "mitigates"
},
{
"dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6",
"type": "mitigates"
@ -8649,6 +8924,10 @@
"dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52",
"type": "mitigates"
},
{
"dest-uuid": "cc279e50-df85-4c8e-be80-6dc2eda8849c",
"type": "mitigates"
},
{
"dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f",
"type": "mitigates"
@ -8974,10 +9253,6 @@
"dest-uuid": "0dda99f0-4701-48ca-9774-8504922e92d3",
"type": "mitigates"
},
{
"dest-uuid": "0ff59227-8aa8-4c09-bf1f-925605bd07ea",
"type": "mitigates"
},
{
"dest-uuid": "149b477f-f364-4824-b1b5-aa1d56115869",
"type": "mitigates"
@ -9351,6 +9626,10 @@
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "mitigates"
},
{
"dest-uuid": "b577dfc1-0177-4522-8d5a-782127c8592b",
"type": "mitigates"
},
{
"dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1",
"type": "mitigates"
@ -9498,6 +9777,10 @@
"dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a",
"type": "mitigates"
},
{
"dest-uuid": "0ce73446-8722-4086-9d43-514f1d0f669e",
"type": "mitigates"
},
{
"dest-uuid": "0cf55441-b176-4332-89e7-2c4c7799d0ff",
"type": "mitigates"
@ -9510,6 +9793,10 @@
"dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847",
"type": "mitigates"
},
{
"dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff",
"type": "mitigates"
},
{
"dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073",
"type": "mitigates"
@ -9542,6 +9829,10 @@
"dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7",
"type": "mitigates"
},
{
"dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597",
"type": "mitigates"
},
{
"dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34",
"type": "mitigates"
@ -9570,6 +9861,10 @@
"dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8",
"type": "mitigates"
},
{
"dest-uuid": "394220d9-8efc-4252-9040-664f7b115be6",
"type": "mitigates"
},
{
"dest-uuid": "3986e7fd-a8e9-4ecb-bfc6-55920855912b",
"type": "mitigates"
@ -9582,6 +9877,10 @@
"dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a",
"type": "mitigates"
},
{
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
"type": "mitigates"
},
{
"dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517",
"type": "mitigates"
@ -9658,6 +9957,10 @@
"dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979",
"type": "mitigates"
},
{
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
"type": "mitigates"
},
{
"dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0",
"type": "mitigates"
@ -9738,6 +10041,10 @@
"dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6",
"type": "mitigates"
},
{
"dest-uuid": "afddee82-3385-4682-ad90-eeced33f2d07",
"type": "mitigates"
},
{
"dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec",
"type": "mitigates"
@ -9754,6 +10061,10 @@
"dest-uuid": "b46a801b-fd98-491c-a25a-bca25d6e3001",
"type": "mitigates"
},
{
"dest-uuid": "bbfbb096-6561-4d7d-aa2c-a5ee8e44c696",
"type": "mitigates"
},
{
"dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b",
"type": "mitigates"
@ -9778,6 +10089,10 @@
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
"type": "mitigates"
},
{
"dest-uuid": "d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0",
"type": "mitigates"
},
{
"dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb",
"type": "mitigates"
@ -9818,14 +10133,22 @@
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "mitigates"
},
{
"dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317",
"type": "mitigates"
},
{
"dest-uuid": "f9e9365a-9ca2-4d9c-8e7c-050d73d1101a",
"type": "mitigates"
},
{
"dest-uuid": "fb75213f-cfb0-40bf-a02f-3bad93d6601e",
"type": "mitigates"
}
],
"uuid": "cc2399fd-3cd3-4319-8d0a-fbd6420cdaf8",
"value": "Audit - M1047"
}
],
"version": 29
"version": 30
}

View File

@ -65,6 +65,10 @@
"dest-uuid": "7decb26c-715c-40cf-b7e0-026f7d7cc215",
"type": "detects"
},
{
"dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd",
"type": "detects"
},
{
"dest-uuid": "ebb42bbe-62d7-47d7-a55f-3b08b61d792d",
"type": "detects"
@ -183,6 +187,10 @@
"dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a",
"type": "detects"
},
{
"dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd",
"type": "detects"
},
{
"dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27",
"type": "detects"
@ -721,6 +729,10 @@
"dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2",
"type": "detects"
},
{
"dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619",
"type": "detects"
},
{
"dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a",
"type": "detects"
@ -847,6 +859,10 @@
"dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d",
"type": "detects"
},
{
"dest-uuid": "130d4494-b2d6-4040-bcea-6e59f05222fe",
"type": "detects"
},
{
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
"type": "detects"
@ -1003,6 +1019,10 @@
"dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103",
"type": "detects"
},
{
"dest-uuid": "924d273c-be0d-4d8d-af58-2dddb15ef1e2",
"type": "detects"
},
{
"dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414",
"type": "detects"
@ -1063,6 +1083,10 @@
"dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc",
"type": "detects"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "detects"
},
{
"dest-uuid": "b4409cd8-0da9-46e1-a401-a241afd4d1cc",
"type": "detects"
@ -1071,10 +1095,18 @@
"dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a",
"type": "detects"
},
{
"dest-uuid": "b577dfc1-0177-4522-8d5a-782127c8592b",
"type": "detects"
},
{
"dest-uuid": "bb5e59c4-abe7-40c7-8196-e373cb1e5974",
"type": "detects"
},
{
"dest-uuid": "bbfbb096-6561-4d7d-aa2c-a5ee8e44c696",
"type": "detects"
},
{
"dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
"type": "detects"
@ -1099,6 +1131,10 @@
"dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a",
"type": "detects"
},
{
"dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783",
"type": "detects"
},
{
"dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3",
"type": "detects"
@ -1155,6 +1191,10 @@
"dest-uuid": "f9e9365a-9ca2-4d9c-8e7c-050d73d1101a",
"type": "detects"
},
{
"dest-uuid": "fb75213f-cfb0-40bf-a02f-3bad93d6601e",
"type": "detects"
},
{
"dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b",
"type": "detects"
@ -1199,6 +1239,10 @@
"dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8",
"type": "detects"
},
{
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
"type": "detects"
},
{
"dest-uuid": "635cbe30-392d-4e27-978e-66774357c762",
"type": "detects"
@ -1215,6 +1259,10 @@
"dest-uuid": "a009cb25-4801-4116-9105-80a91cf15c1b",
"type": "detects"
},
{
"dest-uuid": "d349c66e-18e1-4d8b-a2d7-65af7cbd2ba0",
"type": "detects"
},
{
"dest-uuid": "deb22295-7e37-4a3b-ac6f-c86666fbe63d",
"type": "included-in"
@ -1407,6 +1455,10 @@
"dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4",
"type": "detects"
},
{
"dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611",
"type": "detects"
},
{
"dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a",
"type": "detects"
@ -1415,6 +1467,10 @@
"dest-uuid": "494ab9f0-36e0-4b06-b10d-57285b040a06",
"type": "detects"
},
{
"dest-uuid": "49fca0d2-685d-41eb-8bd4-05451cc3a742",
"type": "detects"
},
{
"dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665",
"type": "detects"
@ -1719,6 +1775,10 @@
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "3e6831b2-bf4c-4ae6-b328-2e7c6633b291",
"type": "detects"
},
{
"dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b",
"type": "detects"
@ -1927,6 +1987,10 @@
"dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3",
"type": "detects"
},
{
"dest-uuid": "718cb208-6446-4572-a2f0-9c799c60091e",
"type": "detects"
},
{
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
"type": "detects"
@ -1999,6 +2063,10 @@
"dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776",
"type": "detects"
},
{
"dest-uuid": "a718a0c8-5768-41a1-9958-a1cc3f995e99",
"type": "detects"
},
{
"dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d",
"type": "detects"
@ -2383,6 +2451,10 @@
"dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a",
"type": "detects"
},
{
"dest-uuid": "bbfbb096-6561-4d7d-aa2c-a5ee8e44c696",
"type": "detects"
},
{
"dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f",
"type": "detects"
@ -2403,6 +2475,10 @@
"dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c",
"type": "detects"
},
{
"dest-uuid": "e24fcba8-2557-4442-a139-1ee2f2e784db",
"type": "detects"
},
{
"dest-uuid": "e49920b0-6c54-40c1-9571-73723653205f",
"type": "detects"
@ -2455,10 +2531,22 @@
"refs": []
},
"related": [
{
"dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a",
"type": "detects"
},
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
},
{
"dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7",
"type": "detects"
},
{
"dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0",
"type": "detects"
},
{
"dest-uuid": "b33d36e3-d7ea-4895-8eed-19a08a8f7c4f",
"type": "included-in"
@ -2473,6 +2561,10 @@
"refs": []
},
"related": [
{
"dest-uuid": "1001e0d6-ee09-4dfc-aa90-e9320ffc8fe4",
"type": "detects"
},
{
"dest-uuid": "45977f14-1bcc-4ec4-ac14-a30fd3a11f44",
"type": "included-in"
@ -2481,6 +2573,10 @@
"dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0",
"type": "detects"
},
{
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
"type": "detects"
},
{
"dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6",
"type": "detects"
@ -2495,10 +2591,18 @@
"refs": []
},
"related": [
{
"dest-uuid": "0ce73446-8722-4086-9d43-514f1d0f669e",
"type": "detects"
},
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "924d273c-be0d-4d8d-af58-2dddb15ef1e2",
"type": "detects"
},
{
"dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db",
"type": "detects"
@ -2511,6 +2615,10 @@
"dest-uuid": "cacc40da-4c9e-462c-80d5-fd70a178b12d",
"type": "detects"
},
{
"dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783",
"type": "detects"
},
{
"dest-uuid": "ceaeb6d8-95ee-4da2-9d42-dc6aa6ca43ae",
"type": "detects"
@ -2589,6 +2697,10 @@
"dest-uuid": "22379609-a99f-4a01-bd7e-70f3e105859d",
"type": "detects"
},
{
"dest-uuid": "241f9ea8-f6ae-4f38-92f5-cef5b7e539dd",
"type": "detects"
},
{
"dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41",
"type": "detects"
@ -2649,6 +2761,10 @@
"dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c",
"type": "detects"
},
{
"dest-uuid": "48b836c6-e4ca-435a-82a3-29c03e5b492e",
"type": "detects"
},
{
"dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8",
"type": "detects"
@ -2725,6 +2841,10 @@
"dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6",
"type": "detects"
},
{
"dest-uuid": "718cb208-6446-4572-a2f0-9c799c60091e",
"type": "detects"
},
{
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
"type": "detects"
@ -2817,6 +2937,10 @@
"dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b",
"type": "detects"
},
{
"dest-uuid": "a718a0c8-5768-41a1-9958-a1cc3f995e99",
"type": "detects"
},
{
"dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c",
"type": "detects"
@ -2937,6 +3061,10 @@
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
"type": "detects"
},
{
"dest-uuid": "db8f5003-3b20-48f0-9b76-123e44208120",
"type": "detects"
},
{
"dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534",
"type": "detects"
@ -3127,6 +3255,10 @@
"dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72",
"type": "detects"
},
{
"dest-uuid": "241f9ea8-f6ae-4f38-92f5-cef5b7e539dd",
"type": "detects"
},
{
"dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32",
"type": "detects"
@ -3179,6 +3311,10 @@
"dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c",
"type": "detects"
},
{
"dest-uuid": "48b836c6-e4ca-435a-82a3-29c03e5b492e",
"type": "detects"
},
{
"dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8",
"type": "detects"
@ -3255,6 +3391,10 @@
"dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3",
"type": "detects"
},
{
"dest-uuid": "718cb208-6446-4572-a2f0-9c799c60091e",
"type": "detects"
},
{
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
"type": "detects"
@ -3331,6 +3471,10 @@
"dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b",
"type": "detects"
},
{
"dest-uuid": "a718a0c8-5768-41a1-9958-a1cc3f995e99",
"type": "detects"
},
{
"dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d",
"type": "detects"
@ -3367,6 +3511,10 @@
"dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4",
"type": "detects"
},
{
"dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
"type": "detects"
},
{
"dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b",
"type": "detects"
@ -3963,6 +4111,10 @@
"dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0",
"type": "detects"
},
{
"dest-uuid": "394220d9-8efc-4252-9040-664f7b115be6",
"type": "detects"
},
{
"dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4",
"type": "detects"
@ -4669,6 +4821,10 @@
"dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4",
"type": "detects"
},
{
"dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611",
"type": "detects"
},
{
"dest-uuid": "494ab9f0-36e0-4b06-b10d-57285b040a06",
"type": "detects"
@ -4861,6 +5017,10 @@
"dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5",
"type": "detects"
},
{
"dest-uuid": "718cb208-6446-4572-a2f0-9c799c60091e",
"type": "detects"
},
{
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
"type": "detects"
@ -5081,6 +5241,10 @@
"dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d",
"type": "detects"
},
{
"dest-uuid": "a718a0c8-5768-41a1-9958-a1cc3f995e99",
"type": "detects"
},
{
"dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c",
"type": "detects"
@ -5109,6 +5273,10 @@
"dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6",
"type": "detects"
},
{
"dest-uuid": "afddee82-3385-4682-ad90-eeced33f2d07",
"type": "detects"
},
{
"dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec",
"type": "detects"
@ -5233,6 +5401,10 @@
"dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0",
"type": "detects"
},
{
"dest-uuid": "cc279e50-df85-4c8e-be80-6dc2eda8849c",
"type": "detects"
},
{
"dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1",
"type": "detects"
@ -5619,6 +5791,10 @@
"dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4",
"type": "detects"
},
{
"dest-uuid": "49fca0d2-685d-41eb-8bd4-05451cc3a742",
"type": "detects"
},
{
"dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179",
"type": "detects"
@ -5667,6 +5843,10 @@
"dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5",
"type": "detects"
},
{
"dest-uuid": "718cb208-6446-4572-a2f0-9c799c60091e",
"type": "detects"
},
{
"dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21",
"type": "detects"
@ -5731,6 +5911,10 @@
"dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d",
"type": "detects"
},
{
"dest-uuid": "a718a0c8-5768-41a1-9958-a1cc3f995e99",
"type": "detects"
},
{
"dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931",
"type": "detects"
@ -5755,6 +5939,10 @@
"dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d",
"type": "detects"
},
{
"dest-uuid": "b577dfc1-0177-4522-8d5a-782127c8592b",
"type": "detects"
},
{
"dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db",
"type": "detects"
@ -6137,6 +6325,10 @@
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
"type": "detects"
},
{
"dest-uuid": "02c5abff-30bf-4703-ab92-1f6072fae939",
"type": "detects"
},
{
"dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334",
"type": "detects"
@ -6613,6 +6805,10 @@
"dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5",
"type": "detects"
},
{
"dest-uuid": "718cb208-6446-4572-a2f0-9c799c60091e",
"type": "detects"
},
{
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
"type": "detects"
@ -6777,6 +6973,10 @@
"dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d",
"type": "detects"
},
{
"dest-uuid": "a718a0c8-5768-41a1-9958-a1cc3f995e99",
"type": "detects"
},
{
"dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c",
"type": "detects"
@ -6925,6 +7125,10 @@
"dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0",
"type": "detects"
},
{
"dest-uuid": "cc279e50-df85-4c8e-be80-6dc2eda8849c",
"type": "detects"
},
{
"dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1",
"type": "detects"
@ -7077,6 +7281,10 @@
"dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0",
"type": "detects"
},
{
"dest-uuid": "f4c3f644-ab33-433d-8648-75cc03a95792",
"type": "detects"
},
{
"dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
"type": "detects"
@ -8029,6 +8237,10 @@
"dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d",
"type": "detects"
},
{
"dest-uuid": "afddee82-3385-4682-ad90-eeced33f2d07",
"type": "detects"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "detects"
@ -8251,6 +8463,10 @@
"dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52",
"type": "detects"
},
{
"dest-uuid": "b577dfc1-0177-4522-8d5a-782127c8592b",
"type": "detects"
},
{
"dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db",
"type": "detects"
@ -8687,6 +8903,10 @@
"dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b",
"type": "detects"
},
{
"dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
"type": "detects"
},
{
"dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b",
"type": "detects"
@ -8703,6 +8923,10 @@
"dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0",
"type": "detects"
},
{
"dest-uuid": "cc36eeae-2209-4e63-89d3-c97e19edf280",
"type": "detects"
},
{
"dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf",
"type": "detects"
@ -8791,6 +9015,10 @@
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "detects"
},
{
"dest-uuid": "f4c3f644-ab33-433d-8648-75cc03a95792",
"type": "detects"
},
{
"dest-uuid": "fa44a152-ac48-441e-a524-dd7b04b8adcd",
"type": "detects"
@ -8941,6 +9169,10 @@
"dest-uuid": "9558a84e-2d5e-4872-918e-d847494a8ffc",
"type": "detects"
},
{
"dest-uuid": "a718a0c8-5768-41a1-9958-a1cc3f995e99",
"type": "detects"
},
{
"dest-uuid": "a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9",
"type": "detects"
@ -9331,6 +9563,10 @@
"dest-uuid": "c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1",
"type": "included-in"
},
{
"dest-uuid": "cc279e50-df85-4c8e-be80-6dc2eda8849c",
"type": "detects"
},
{
"dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd",
"type": "detects"
@ -9375,6 +9611,10 @@
"dest-uuid": "fc742192-19e3-466c-9eb5-964a97b29490",
"type": "detects"
},
{
"dest-uuid": "ff25900d-76d5-449b-a351-8824e62fc81b",
"type": "detects"
},
{
"dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335",
"type": "detects"
@ -9487,6 +9727,10 @@
"dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b",
"type": "detects"
},
{
"dest-uuid": "cc279e50-df85-4c8e-be80-6dc2eda8849c",
"type": "detects"
},
{
"dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48",
"type": "detects"
@ -9502,6 +9746,10 @@
{
"dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6",
"type": "detects"
},
{
"dest-uuid": "ff25900d-76d5-449b-a351-8824e62fc81b",
"type": "detects"
}
],
"uuid": "ee575f4a-2d4f-48f6-b18b-89067760adc1",
@ -10252,5 +10500,5 @@
"value": "System Settings"
}
],
"version": 2
"version": 3
}

View File

@ -57,15 +57,14 @@
"meta": {
"external_id": "DS0002",
"mitre_platforms": [
"Azure AD",
"Containers",
"Google Workspace",
"IaaS",
"Linux",
"Office 365",
"SaaS",
"Windows",
"macOS"
"macOS",
"Office Suite",
"Identity Provider"
],
"refs": [
"https://attack.mitre.org/datasources/DS0002"
@ -157,13 +156,12 @@
"meta": {
"external_id": "DS0006",
"mitre_platforms": [
"Azure AD",
"Google Workspace",
"Linux",
"Office 365",
"SaaS",
"Windows",
"macOS"
"macOS",
"Office Suite",
"Identity Provider"
],
"refs": [
"https://attack.mitre.org/datasources/DS0006",
@ -250,13 +248,12 @@
"meta": {
"external_id": "DS0015",
"mitre_platforms": [
"Google Workspace",
"IaaS",
"Linux",
"Office 365",
"SaaS",
"Windows",
"macOS"
"macOS",
"Office Suite"
],
"refs": [
"https://attack.mitre.org/datasources/DS0015",
@ -362,11 +359,10 @@
"meta": {
"external_id": "DS0025",
"mitre_platforms": [
"Azure AD",
"Google Workspace",
"IaaS",
"Office 365",
"SaaS"
"SaaS",
"Office Suite",
"Identity Provider"
],
"refs": [
"https://attack.mitre.org/datasources/DS0025",
@ -400,8 +396,8 @@
"meta": {
"external_id": "DS0026",
"mitre_platforms": [
"Azure AD",
"Windows"
"Windows",
"Identity Provider"
],
"refs": [
"https://attack.mitre.org/datasources/DS0026",
@ -438,14 +434,13 @@
"meta": {
"external_id": "DS0028",
"mitre_platforms": [
"Azure AD",
"Google Workspace",
"IaaS",
"Linux",
"Office 365",
"SaaS",
"Windows",
"macOS"
"macOS",
"Office Suite",
"Identity Provider"
],
"refs": [
"https://attack.mitre.org/datasources/DS0028",
@ -990,14 +985,13 @@
"meta": {
"external_id": "DS0018",
"mitre_platforms": [
"Azure AD",
"Google Workspace",
"IaaS",
"Linux",
"Office 365",
"SaaS",
"Windows",
"macOS"
"macOS",
"Office Suite",
"Identity Provider"
],
"refs": [
"https://attack.mitre.org/datasources/DS0018",
@ -1205,12 +1199,11 @@
"meta": {
"external_id": "DS0036",
"mitre_platforms": [
"Azure AD",
"Google Workspace",
"IaaS",
"Office 365",
"SaaS",
"Windows"
"Windows",
"Office Suite",
"Identity Provider"
],
"refs": [
"https://attack.mitre.org/datasources/DS0036",
@ -1255,5 +1248,5 @@
"value": "Certificate - DS0037"
}
],
"version": 2
"version": 3
}

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -17,8 +17,8 @@
"Windows"
],
"refs": [
"http://www.ampliasecurity.com/research/wcefaq.html",
"https://attack.mitre.org/software/S0005"
"https://attack.mitre.org/software/S0005",
"https://web.archive.org/web/20240904163410/https://www.ampliasecurity.com/research/wcefaq.html"
],
"synonyms": [
"Windows Credential Editor",
@ -135,6 +135,10 @@
"dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0",
"type": "uses"
},
{
"dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662",
"type": "uses"
},
{
"dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665",
"type": "uses"
@ -333,6 +337,10 @@
"dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d",
"type": "uses"
},
{
"dest-uuid": "a718a0c8-5768-41a1-9958-a1cc3f995e99",
"type": "uses"
},
{
"dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579",
"type": "uses"
@ -341,10 +349,6 @@
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "uses"
},
{
"dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783",
"type": "uses"
},
{
"dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c",
"type": "uses"
@ -1150,7 +1154,7 @@
],
"refs": [
"https://attack.mitre.org/software/S0250",
"https://github.com/zerosum0x0/koadic",
"https://github.com/offsecginger/koadic",
"https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/",
"https://www.malwarebytes.com/resources/files/2021/02/lazyscripter.pdf"
],
@ -1357,6 +1361,10 @@
"dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f",
"type": "uses"
},
{
"dest-uuid": "3e6831b2-bf4c-4ae6-b328-2e7c6633b291",
"type": "uses"
},
{
"dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541",
"type": "uses"
@ -2053,6 +2061,9 @@
"https://attack.mitre.org/software/S0191",
"https://github.com/skalkoto/winexe/",
"https://netzpolitik.org/2015/digital-attack-on-german-parliament-investigative-report-on-the-hack-of-the-left-party-infrastructure-in-bundestag/"
],
"synonyms": [
"Winexe"
]
},
"related": [
@ -2358,9 +2369,8 @@
"meta": {
"external_id": "S0413",
"mitre_platforms": [
"Office 365",
"Windows",
"Azure AD"
"Office Suite"
],
"refs": [
"https://attack.mitre.org/software/S0413",
@ -3455,6 +3465,14 @@
"dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c",
"type": "uses"
},
{
"dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64",
"type": "uses"
},
{
"dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f",
"type": "uses"
},
{
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
"type": "uses"
@ -3475,6 +3493,10 @@
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
"type": "uses"
},
{
"dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a",
"type": "uses"
},
{
"dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830",
"type": "uses"
@ -3507,10 +3529,18 @@
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
"type": "uses"
},
{
"dest-uuid": "824add00-99a1-4b15-9a2d-6c5683b7b497",
"type": "uses"
},
{
"dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d",
"type": "uses"
},
{
"dest-uuid": "8cdeb020-e31e-4f88-a582-f53dcfbda819",
"type": "uses"
},
{
"dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e",
"type": "uses"
@ -4191,6 +4221,10 @@
"dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529",
"type": "uses"
},
{
"dest-uuid": "394220d9-8efc-4252-9040-664f7b115be6",
"type": "uses"
},
{
"dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e",
"type": "uses"
@ -4221,7 +4255,7 @@
"external_id": "S0358",
"mitre_platforms": [
"Windows",
"Office 365"
"Office Suite"
],
"refs": [
"https://attack.mitre.org/software/S0358",
@ -4509,6 +4543,9 @@
"description": "[ROADTools](https://attack.mitre.org/software/S0684) is a framework for enumerating Azure Active Directory environments. The tool is written in Python and publicly available on GitHub.(Citation: ROADtools Github)",
"meta": {
"external_id": "S0684",
"mitre_platforms": [
"Identity Provider"
],
"refs": [
"https://attack.mitre.org/software/S0684",
"https://github.com/dirkjanm/ROADtools"
@ -4734,8 +4771,8 @@
"external_id": "S0677",
"mitre_platforms": [
"Windows",
"Azure AD",
"Office 365"
"Office Suite",
"Identity Provider"
],
"refs": [
"https://attack.mitre.org/software/S0677",
@ -4924,7 +4961,184 @@
],
"uuid": "d505fc8b-2e64-46eb-96d6-9ef7ffca5b66",
"value": "Mythic - S0699"
},
{
"description": "NPPSPY is an implementation of a theoretical mechanism first presented in 2004 for capturing credentials submitted to a Windows system via a rogue Network Provider API item. NPPSPY captures credentials following submission and writes them to a file on the victim system for follow-on exfiltration.(Citation: Huntress NPPSPY 2022)(Citation: Polak NPPSPY 2004)",
"meta": {
"external_id": "S1131",
"mitre_platforms": [
"Windows"
],
"refs": [
"https://attack.mitre.org/software/S1131",
"https://www.blackhat.com/presentations/win-usa-04/bh-win-04-polak/bh-win-04-polak2.pdf",
"https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy"
],
"synonyms": [
"NPPSPY"
]
},
"related": [
{
"dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d",
"type": "uses"
},
{
"dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619",
"type": "uses"
},
{
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
"type": "uses"
},
{
"dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517",
"type": "uses"
},
{
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
"type": "uses"
},
{
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
"type": "uses"
},
{
"dest-uuid": "c9e0c59e-162e-40a4-b8b1-78fab4329ada",
"type": "uses"
}
],
"uuid": "0630d1a7-54da-4a48-a6af-eb8a62b13c17",
"value": "NPPSPY - S1131"
},
{
"description": "[FRP](https://attack.mitre.org/software/S1144), which stands for Fast Reverse Proxy, is an openly available tool that is capable of exposing a server located behind a firewall or Network Address Translation (NAT) to the Internet. [FRP](https://attack.mitre.org/software/S1144) can support multiple protocols including TCP, UDP, and HTTP(S) and has been abused by threat actors to proxy command and control communications.(Citation: FRP GitHub)(Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023)(Citation: RedCanary Mockingbird May 2020)(Citation: DFIR Phosphorus November 2021)",
"meta": {
"external_id": "S1144",
"mitre_platforms": [
"Linux",
"macOS",
"Windows"
],
"refs": [
"https://attack.mitre.org/software/S1144",
"https://github.com/fatedier/frp",
"https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF",
"https://redcanary.com/blog/blue-mockingbird-cryptominer/",
"https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/"
],
"synonyms": [
"FRP"
]
},
"related": [
{
"dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d",
"type": "uses"
},
{
"dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41",
"type": "uses"
},
{
"dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b",
"type": "uses"
},
{
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
"type": "uses"
},
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"type": "uses"
},
{
"dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d",
"type": "uses"
},
{
"dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada",
"type": "uses"
},
{
"dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b",
"type": "uses"
},
{
"dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161",
"type": "uses"
},
{
"dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88",
"type": "uses"
}
],
"uuid": "36dd807e-b5bc-4c3e-91ed-80682360148c",
"value": "FRP - S1144"
},
{
"description": "[Covenant](https://attack.mitre.org/software/S1155) is a multi-platform command and control framework written in .NET. While designed for penetration testing and security research, the tool has also been used by threat actors such as [HAFNIUM](https://attack.mitre.org/groups/G0125) during operations. [Covenant](https://attack.mitre.org/software/S1155) functions through a central listener managing multiple deployed \"Grunts\" that communicate back to the controller.(Citation: Github Covenant)(Citation: Microsoft HAFNIUM March 2020)",
"meta": {
"external_id": "S1155",
"mitre_platforms": [
"Linux",
"macOS",
"Windows"
],
"refs": [
"https://attack.mitre.org/software/S1155",
"https://github.com/cobbr/Covenant",
"https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/"
],
"synonyms": [
"Covenant"
]
},
"related": [
{
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
"type": "uses"
},
{
"dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107",
"type": "uses"
},
{
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
"type": "uses"
},
{
"dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade",
"type": "uses"
},
{
"dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736",
"type": "uses"
},
{
"dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18",
"type": "uses"
},
{
"dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab",
"type": "uses"
},
{
"dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada",
"type": "uses"
},
{
"dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62",
"type": "uses"
},
{
"dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161",
"type": "uses"
}
],
"uuid": "05fb53c8-e2ac-4e17-a0c9-a0825e1198bf",
"value": "Covenant - S1155"
}
],
"version": 32
"version": 33
}

View File

@ -2,17 +2,6 @@
"description": "ATT&CK Tactic",
"icon": "map",
"kill_chain_order": {
"attack-Azure-AD": [
"initial-access",
"execution",
"persistence",
"privilege-escalation",
"defense-evasion",
"credential-access",
"discovery",
"lateral-movement",
"impact"
],
"attack-Containers": [
"initial-access",
"execution",
@ -24,19 +13,6 @@
"lateral-movement",
"impact"
],
"attack-Google-Workspace": [
"initial-access",
"execution",
"persistence",
"privilege-escalation",
"defense-evasion",
"credential-access",
"discovery",
"lateral-movement",
"collection",
"exfiltration",
"impact"
],
"attack-IaaS": [
"initial-access",
"execution",
@ -50,6 +26,16 @@
"exfiltration",
"impact"
],
"attack-Identity-Provider": [
"initial-access",
"execution",
"persistence",
"privilege-escalation",
"defense-evasion",
"credential-access",
"discovery",
"lateral-movement"
],
"attack-Linux": [
"initial-access",
"execution",
@ -79,6 +65,11 @@
"impact"
],
"attack-Office-365": [
"initial-access",
"defense-evasion",
"lateral-movement"
],
"attack-Office-Suite": [
"initial-access",
"execution",
"persistence",
@ -192,5 +183,5 @@
"namespace": "mitre-attack",
"type": "mitre-attack-pattern",
"uuid": "c4e851fa-775f-11e7-8163-b774922098cd",
"version": 10
"version": 11
}