From 93fa68f4a444c9ae466147964d6a5f452b57a30e Mon Sep 17 00:00:00 2001 From: Christophe Vandeplas Date: Mon, 13 May 2024 11:07:34 +0200 Subject: [PATCH] chg: [mitre] Use x_mitre_platforms for kill-chain separation --- clusters/mitre-attack-pattern.json | 4397 +++++++++++++++++++--------- galaxies/mitre-attack-pattern.json | 150 +- tools/gen_mitre.py | 122 +- 3 files changed, 3246 insertions(+), 1423 deletions(-) diff --git a/clusters/mitre-attack-pattern.json b/clusters/mitre-attack-pattern.json index 9dd7f5b..efe74e0 100644 --- a/clusters/mitre-attack-pattern.json +++ b/clusters/mitre-attack-pattern.json @@ -14,7 +14,7 @@ "meta": { "external_id": "T1393", "kill_chain": [ - "mitre-pre-attack:test-capabilities" + "pre-attack:test-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1393" @@ -28,7 +28,7 @@ "meta": { "external_id": "T1391", "kill_chain": [ - "mitre-pre-attack:persona-development" + "pre-attack:persona-development" ], "refs": [ "https://attack.mitre.org/techniques/T1391" @@ -42,7 +42,7 @@ "meta": { "external_id": "T1261", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1261" @@ -56,7 +56,7 @@ "meta": { "external_id": "T1392", "kill_chain": [ - "mitre-pre-attack:persona-development" + "pre-attack:persona-development" ], "refs": [ "https://attack.mitre.org/techniques/T1392" @@ -70,7 +70,7 @@ "meta": { "external_id": "T1295", "kill_chain": [ - "mitre-pre-attack:people-weakness-identification" + "pre-attack:people-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1295" @@ -84,7 +84,8 @@ "meta": { "external_id": "T1222.002", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion", + "attack-Linux:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -116,7 +117,7 @@ "meta": { "external_id": "T1336", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1336" @@ -130,7 +131,7 @@ "meta": { "external_id": "T1354", "kill_chain": [ - "mitre-pre-attack:build-capabilities" + "pre-attack:build-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1354", @@ -145,7 +146,7 @@ "meta": { "external_id": "T1350", "kill_chain": [ - "mitre-pre-attack:build-capabilities" + "pre-attack:build-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1350", @@ -160,7 +161,7 @@ "meta": { "external_id": "T1330", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1330" @@ -180,7 +181,7 @@ "meta": { "external_id": "T1307", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1307" @@ -200,7 +201,7 @@ "meta": { "external_id": "T1308", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1308" @@ -220,7 +221,7 @@ "meta": { "external_id": "T1361", "kill_chain": [ - "mitre-pre-attack:test-capabilities" + "pre-attack:test-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1361" @@ -234,7 +235,7 @@ "meta": { "external_id": "T1329", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1329", @@ -255,7 +256,7 @@ "meta": { "external_id": "T1310", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1310" 
@@ -275,7 +276,7 @@ "meta": { "external_id": "T1312", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1312" @@ -295,7 +296,7 @@ "meta": { "external_id": "T1332", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1332", @@ -316,7 +317,7 @@ "meta": { "external_id": "T1334", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1334" @@ -336,7 +337,7 @@ "meta": { "external_id": "T1385", "kill_chain": [ - "mitre-pre-attack:compromise" + "pre-attack:compromise" ], "refs": [ "https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/", @@ -368,7 +369,8 @@ "meta": { "external_id": "T1475", "kill_chain": [ - "mitre-mobile-attack:initial-access" + "mobile-attack-Android:initial-access", + "mobile-attack-iOS:initial-access" ], "mitre_platforms": [ "Android", @@ -415,7 +417,7 @@ "meta": { "external_id": "T1238", "kill_chain": [ - "mitre-pre-attack:priority-definition-direction" + "pre-attack:priority-definition-direction" ], "refs": [ "https://attack.mitre.org/techniques/T1238" @@ -429,7 +431,7 @@ "meta": { "external_id": "T1236", "kill_chain": [ - "mitre-pre-attack:priority-definition-planning" + "pre-attack:priority-definition-planning" ], "refs": [ "https://attack.mitre.org/techniques/T1236" @@ -443,7 +445,7 @@ "meta": { "external_id": "T1237", "kill_chain": [ - "mitre-pre-attack:priority-definition-direction" + "pre-attack:priority-definition-direction" ], "refs": [ "https://attack.mitre.org/techniques/T1237" @@ -457,7 +459,7 @@ "meta": { "external_id": "T1321", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1321" 
@@ -471,7 +473,9 @@ "meta": { "external_id": "T1048.001", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration" ], "mitre_data_sources": [ "Command: Command Execution", @@ -504,7 +508,9 @@ "meta": { "external_id": "T1048.002", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration" ], "mitre_data_sources": [ "Command: Command Execution", @@ -537,7 +543,7 @@ "meta": { "external_id": "T1316", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1316" @@ -551,7 +557,7 @@ "meta": { "external_id": "T1343", "kill_chain": [ - "mitre-pre-attack:persona-development" + "pre-attack:persona-development" ], "refs": [ "https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/", @@ -583,7 +589,7 @@ "meta": { "external_id": "T1389", "kill_chain": [ - "mitre-pre-attack:technical-weakness-identification" + "pre-attack:technical-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1389" @@ -597,8 +603,8 @@ "meta": { "external_id": "T1547.001", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -633,7 +639,8 @@ "meta": { "external_id": "T1070.002", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -663,7 +670,10 @@ "meta": { "external_id": "T1070.007", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -701,7 +711,9 @@ "meta": { "external_id": "T1195.001", "kill_chain": [ - "mitre-attack:initial-access" + "attack-Linux:initial-access", + "attack-macOS:initial-access", + "attack-Windows:initial-access" ], "mitre_data_sources": [ "File: File Metadata" @@ -730,7 +742,7 @@ "meta": { "external_id": "T1222.001", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Modification", @@ -764,7 +776,8 @@ "meta": { "external_id": "T1474.001", "kill_chain": [ - "mitre-mobile-attack:initial-access" + "mobile-attack-Android:initial-access", + "mobile-attack-iOS:initial-access" ], "mitre_platforms": [ "Android", @@ -795,9 +808,15 @@ "meta": { "external_id": "T1574.007", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Windows:persistence", + "attack-macOS:persistence", + "attack-Linux:persistence", + "attack-Windows:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Linux:privilege-escalation", + "attack-Windows:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Linux:defense-evasion" ], "mitre_data_sources": [ "File: File Creation", @@ -831,9 +850,9 @@ "meta": { "external_id": "T1574.008", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Creation", 
@@ -865,7 +884,7 @@ "meta": { "external_id": "T1562.012", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -899,7 +918,7 @@ "meta": { "external_id": "T1060", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -927,7 +946,8 @@ "meta": { "external_id": "T1449", "kill_chain": [ - "mitre-mobile-attack:network-effects" + "mobile-attack-Android:network-effects", + "mobile-attack-iOS:network-effects" ], "mitre_platforms": [ "Android", @@ -952,7 +972,7 @@ "meta": { "external_id": "T1302", "kill_chain": [ - "mitre-pre-attack:organizational-weakness-identification" + "pre-attack:organizational-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1302" @@ -966,7 +986,7 @@ "meta": { "external_id": "T1250", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1250" @@ -980,7 +1000,7 @@ "meta": { "external_id": "T1290", "kill_chain": [ - "mitre-pre-attack:technical-weakness-identification" + "pre-attack:technical-weakness-identification" ], "refs": [ "http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf", @@ -995,7 +1015,8 @@ "meta": { "external_id": "T1450", "kill_chain": [ - "mitre-mobile-attack:network-effects" + "mobile-attack-Android:network-effects", + "mobile-attack-iOS:network-effects" ], "mitre_platforms": [ "Android", @@ -1025,8 +1046,8 @@ "meta": { "external_id": "T1413", "kill_chain": [ - "mitre-mobile-attack:collection", - "mitre-mobile-attack:credential-access" + "mobile-attack-Android:collection", + "mobile-attack-Android:credential-access" ], "mitre_platforms": [ "Android" 
@@ -1062,8 +1083,8 @@ "meta": { "external_id": "T1175", "kill_chain": [ - "mitre-attack:lateral-movement", - "mitre-attack:execution" + "attack-Windows:lateral-movement", + "attack-Windows:execution" ], "mitre_platforms": [ "Windows" @@ -1091,7 +1112,7 @@ "meta": { "external_id": "T1342", "kill_chain": [ - "mitre-pre-attack:persona-development" + "pre-attack:persona-development" ], "refs": [ "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf", @@ -1107,7 +1128,7 @@ "meta": { "external_id": "T1298", "kill_chain": [ - "mitre-pre-attack:organizational-weakness-identification" + "pre-attack:organizational-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1298" @@ -1121,7 +1142,8 @@ "meta": { "external_id": "T1452", "kill_chain": [ - "mitre-mobile-attack:impact" + "mobile-attack-Android:impact", + "mobile-attack-iOS:impact" ], "mitre_platforms": [ "Android", @@ -1145,7 +1167,7 @@ "meta": { "external_id": "T1247", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1247" @@ -1169,7 +1191,7 @@ "meta": { "external_id": "T1266", "kill_chain": [ - "mitre-pre-attack:people-information-gathering" + "pre-attack:people-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1266" @@ -1193,7 +1215,7 @@ "meta": { "external_id": "T1277", "kill_chain": [ - "mitre-pre-attack:organizational-information-gathering" + "pre-attack:organizational-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1277" @@ -1217,7 +1239,7 @@ "meta": { "external_id": "T1299", "kill_chain": [ - "mitre-pre-attack:organizational-weakness-identification" + "pre-attack:organizational-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1299" 
@@ -1231,7 +1253,7 @@ "meta": { "external_id": "T1338", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1338" @@ -1245,7 +1267,7 @@ "meta": { "external_id": "T1348", "kill_chain": [ - "mitre-pre-attack:build-capabilities" + "pre-attack:build-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1348" @@ -1259,7 +1281,7 @@ "meta": { "external_id": "T1365", "kill_chain": [ - "mitre-pre-attack:stage-capabilities" + "pre-attack:stage-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1365" @@ -1273,7 +1295,7 @@ "meta": { "external_id": "T1357", "kill_chain": [ - "mitre-pre-attack:test-capabilities" + "pre-attack:test-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1357" @@ -1287,7 +1309,7 @@ "meta": { "external_id": "T1376", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1376" @@ -1301,7 +1323,7 @@ "meta": { "external_id": "T1367", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1367" @@ -1315,7 +1337,7 @@ "meta": { "external_id": "T1386", "kill_chain": [ - "mitre-pre-attack:compromise" + "pre-attack:compromise" ], "refs": [ "https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/", @@ -1330,7 +1352,7 @@ "meta": { "external_id": "T1368", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1368" @@ -1344,7 +1366,7 @@ "meta": { "external_id": "T1369", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1369" @@ -1358,7 +1380,7 @@ "meta": { "external_id": "T1387", "kill_chain": [ - "mitre-pre-attack:compromise" + "pre-attack:compromise" ], "refs": [ "https://attack.mitre.org/techniques/T1387" 
@@ -1372,7 +1394,8 @@ "meta": { "external_id": "T1476", "kill_chain": [ - "mitre-mobile-attack:initial-access" + "mobile-attack-Android:initial-access", + "mobile-attack-iOS:initial-access" ], "mitre_platforms": [ "Android", @@ -1397,7 +1420,7 @@ "meta": { "external_id": "T1362", "kill_chain": [ - "mitre-pre-attack:stage-capabilities" + "pre-attack:stage-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1362" @@ -1411,8 +1434,8 @@ "meta": { "external_id": "T1557.001", "kill_chain": [ - "mitre-attack:credential-access", - "mitre-attack:collection" + "attack-Windows:credential-access", + "attack-Windows:collection" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -1450,7 +1473,10 @@ "meta": { "external_id": "T1048.003", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration", + "attack-Network:exfiltration" ], "mitre_data_sources": [ "Command: Command Execution", @@ -1485,7 +1511,8 @@ "meta": { "external_id": "T1639.001", "kill_chain": [ - "mitre-mobile-attack:exfiltration" + "mobile-attack-Android:exfiltration", + "mobile-attack-iOS:exfiltration" ], "mitre_platforms": [ "Android", @@ -1510,7 +1537,10 @@ "meta": { "external_id": "T1036.005", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Containers:defense-evasion" ], "mitre_data_sources": [ "File: File Metadata", @@ -1545,7 +1575,8 @@ "meta": { "external_id": "T1655.001", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", 
@@ -1571,7 +1602,10 @@ "meta": { "external_id": "T1562.004", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -1605,7 +1639,7 @@ "meta": { "external_id": "T1562.007", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-IaaS:defense-evasion" ], "mitre_data_sources": [ "Firewall: Firewall Disable", @@ -1634,7 +1668,11 @@ "meta": { "external_id": "T1562.008", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-IaaS:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-Google-Workspace:defense-evasion", + "attack-Azure-AD:defense-evasion", + "attack-Office-365:defense-evasion" ], "mitre_data_sources": [ "Cloud Service: Cloud Service Disable", @@ -1673,7 +1711,7 @@ "meta": { "external_id": "T1553.003", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Modification", @@ -1710,8 +1748,8 @@ "meta": { "external_id": "T1546.003", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-Windows:privilege-escalation", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -1749,7 +1787,9 @@ "meta": { "external_id": "T1567.003", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -1779,9 +1819,9 @@ "meta": { "external_id": "T1574.005", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Creation", 
@@ -1813,9 +1853,9 @@ "meta": { "external_id": "T1574.009", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Creation", @@ -1847,8 +1887,8 @@ "meta": { "external_id": "T1546.012", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-Windows:privilege-escalation", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -1884,7 +1924,7 @@ "meta": { "external_id": "T1344", "kill_chain": [ - "mitre-pre-attack:persona-development" + "pre-attack:persona-development" ], "refs": [ "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf", @@ -1906,7 +1946,7 @@ "meta": { "external_id": "T1364", "kill_chain": [ - "mitre-pre-attack:stage-capabilities" + "pre-attack:stage-capabilities" ], "refs": [ "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf", @@ -1927,7 +1967,7 @@ "meta": { "external_id": "T1271", "kill_chain": [ - "mitre-pre-attack:people-information-gathering" + "pre-attack:people-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1271" @@ -1941,7 +1981,7 @@ "meta": { "external_id": "T1239", "kill_chain": [ - "mitre-pre-attack:priority-definition-direction" + "pre-attack:priority-definition-direction" ], "refs": [ "https://attack.mitre.org/techniques/T1239" @@ -1955,7 +1995,7 @@ "meta": { "external_id": "T1248", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1248" 
@@ -1979,7 +2019,7 @@ "meta": { "external_id": "T1294", "kill_chain": [ - "mitre-pre-attack:technical-weakness-identification" + "pre-attack:technical-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1294" @@ -1993,7 +2033,7 @@ "meta": { "external_id": "T1255", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1255" @@ -2007,7 +2047,7 @@ "meta": { "external_id": "T1267", "kill_chain": [ - "mitre-pre-attack:people-information-gathering" + "pre-attack:people-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1267" @@ -2031,7 +2071,7 @@ "meta": { "external_id": "T1278", "kill_chain": [ - "mitre-pre-attack:organizational-information-gathering" + "pre-attack:organizational-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1278" @@ -2055,7 +2095,7 @@ "meta": { "external_id": "T1300", "kill_chain": [ - "mitre-pre-attack:organizational-weakness-identification" + "pre-attack:organizational-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1300" @@ -2079,7 +2119,9 @@ "meta": { "external_id": "T1011", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration" ], "mitre_data_sources": [ "Command: Command Execution", @@ -2105,8 +2147,10 @@ "meta": { "external_id": "T1410", "kill_chain": [ - "mitre-mobile-attack:collection", - "mitre-mobile-attack:credential-access" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection", + "mobile-attack-Android:credential-access", + "mobile-attack-iOS:credential-access" ], "mitre_platforms": [ "Android", @@ -2131,7 +2175,7 @@ "meta": { "external_id": "T1260", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1260" 
@@ -2151,7 +2195,7 @@ "meta": { "external_id": "T1303", "kill_chain": [ - "mitre-pre-attack:organizational-weakness-identification" + "pre-attack:organizational-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1303" @@ -2165,8 +2209,14 @@ "meta": { "external_id": "T1037", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:persistence", + "attack-Windows:persistence", + "attack-Linux:persistence", + "attack-Network:persistence", + "attack-macOS:privilege-escalation", + "attack-Windows:privilege-escalation", + "attack-Linux:privilege-escalation", + "attack-Network:privilege-escalation" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Modification", @@ -2196,7 +2246,9 @@ "meta": { "external_id": "T1039", "kill_chain": [ - "mitre-attack:collection" + "attack-Linux:collection", + "attack-macOS:collection", + "attack-Windows:collection" ], "mitre_data_sources": [ "Command: Command Execution", @@ -2223,7 +2275,8 @@ "meta": { "external_id": "T1407", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", @@ -2243,7 +2296,7 @@ "meta": { "external_id": "T1084", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -2271,7 +2324,9 @@ "meta": { "external_id": "T1094", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_platforms": [ "Linux", @@ -2297,7 +2352,7 @@ "meta": { "external_id": "T1127", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -2339,9 +2394,9 @@ "meta": { "external_id": "T1183", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence", - "mitre-attack:defense-evasion" + "attack-Windows:privilege-escalation", + "attack-Windows:persistence", + "attack-Windows:defense-evasion" ], "mitre_platforms": [ "Windows" @@ -2371,8 +2426,8 @@ "meta": { "external_id": "T1198", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Windows:defense-evasion", + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -2404,7 +2459,9 @@ "meta": { "external_id": "T1222", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-Windows:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Modification", @@ -2437,7 +2494,7 @@ "meta": { "external_id": "T1224", "kill_chain": [ - "mitre-pre-attack:priority-definition-planning" + "pre-attack:priority-definition-planning" ], "refs": [ "https://attack.mitre.org/techniques/T1224" @@ -2451,7 +2508,7 @@ "meta": { "external_id": "T1284", "kill_chain": [ - "mitre-pre-attack:organizational-information-gathering" + "pre-attack:organizational-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1284" @@ -2471,7 +2528,7 @@ "meta": { "external_id": "T1243", "kill_chain": [ - "mitre-pre-attack:target-selection" + "pre-attack:target-selection" ], "refs": [ "https://attack.mitre.org/techniques/T1243" @@ -2485,7 +2542,7 @@ "meta": { "external_id": "T1244", "kill_chain": [ - "mitre-pre-attack:target-selection" + "pre-attack:target-selection" ], "refs": [ "https://attack.mitre.org/techniques/T1244" @@ -2499,7 +2556,7 @@ "meta": { "external_id": "T1427", "kill_chain": [ - "mitre-mobile-attack:lateral-movement" + "mobile-attack-Android:lateral-movement" ], "mitre_platforms": [ "Android" 
@@ -2519,7 +2576,7 @@ "meta": { "external_id": "T1285", "kill_chain": [ - "mitre-pre-attack:organizational-information-gathering" + "pre-attack:organizational-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1285" @@ -2533,7 +2590,7 @@ "meta": { "external_id": "T1259", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1259" @@ -2547,7 +2604,7 @@ "meta": { "external_id": "T1297", "kill_chain": [ - "mitre-pre-attack:people-weakness-identification" + "pre-attack:people-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1297" @@ -2571,7 +2628,7 @@ "meta": { "external_id": "T1288", "kill_chain": [ - "mitre-pre-attack:technical-weakness-identification" + "pre-attack:technical-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1288" @@ -2585,7 +2642,7 @@ "meta": { "external_id": "T1289", "kill_chain": [ - "mitre-pre-attack:technical-weakness-identification" + "pre-attack:technical-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1289" @@ -2609,7 +2666,7 @@ "meta": { "external_id": "T1375", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1375" @@ -2623,7 +2680,7 @@ "meta": { "external_id": "T1335", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1335", @@ -2638,7 +2695,7 @@ "meta": { "external_id": "T1337", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1337", 
@@ -2653,7 +2710,7 @@ "meta": { "external_id": "T1383", "kill_chain": [ - "mitre-pre-attack:compromise" + "pre-attack:compromise" ], "refs": [ "https://attack.mitre.org/techniques/T1383" @@ -2684,8 +2741,14 @@ "meta": { "external_id": "T1543", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-macOS:persistence", + "attack-Linux:persistence", + "attack-Containers:persistence", + "attack-Windows:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Linux:privilege-escalation", + "attack-Containers:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -2721,7 +2784,7 @@ "meta": { "external_id": "T1347", "kill_chain": [ - "mitre-pre-attack:build-capabilities" + "pre-attack:build-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1347" @@ -2735,7 +2798,7 @@ "meta": { "external_id": "T1384", "kill_chain": [ - "mitre-pre-attack:compromise" + "pre-attack:compromise" ], "refs": [ "https://attack.mitre.org/techniques/T1384" @@ -2749,7 +2812,8 @@ "meta": { "external_id": "T1438", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -2774,7 +2838,8 @@ "meta": { "external_id": "T1439", "kill_chain": [ - "mitre-mobile-attack:network-effects" + "mobile-attack-Android:network-effects", + "mobile-attack-iOS:network-effects" ], "mitre_platforms": [ "Android", @@ -2801,7 +2866,7 @@ "meta": { "external_id": "T1394", "kill_chain": [ - "mitre-pre-attack:stage-capabilities" + "pre-attack:stage-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1394" 
@@ -2815,7 +2880,10 @@ "meta": { "external_id": "T1537", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-IaaS:exfiltration", + "attack-SaaS:exfiltration", + "attack-Google-Workspace:exfiltration", + "attack-Office-365:exfiltration" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -2851,7 +2919,7 @@ "meta": { "external_id": "T1358", "kill_chain": [ - "mitre-pre-attack:test-capabilities" + "pre-attack:test-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1358" @@ -2865,7 +2933,7 @@ "meta": { "external_id": "T1395", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1395" @@ -2879,7 +2947,7 @@ "meta": { "external_id": "T1359", "kill_chain": [ - "mitre-pre-attack:test-capabilities" + "pre-attack:test-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1359" @@ -2893,7 +2961,7 @@ "meta": { "external_id": "T1378", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1378" @@ -2907,7 +2975,7 @@ "meta": { "external_id": "T1388", "kill_chain": [ - "mitre-pre-attack:compromise" + "pre-attack:compromise" ], "refs": [ "https://attack.mitre.org/techniques/T1388" @@ -2921,7 +2989,8 @@ "meta": { "external_id": "T1398", "kill_chain": [ - "mitre-mobile-attack:persistence" + "mobile-attack-Android:persistence", + "mobile-attack-iOS:persistence" ], "mitre_platforms": [ "Android", @@ -2942,8 +3011,12 @@ "meta": { "external_id": "T1484", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Azure-AD:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-Windows:privilege-escalation", + "attack-Azure-AD:privilege-escalation", + "attack-SaaS:privilege-escalation" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Creation", 
@@ -2979,8 +3052,14 @@ "meta": { "external_id": "T1547", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:persistence", + "attack-Network:persistence", + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Windows:privilege-escalation", + "attack-Network:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -3018,7 +3097,8 @@ "meta": { "external_id": "T1468", "kill_chain": [ - "mitre-mobile-attack:remote-service-effects" + "mobile-attack-Android:remote-service-effects", + "mobile-attack-iOS:remote-service-effects" ], "mitre_platforms": [ "Android", @@ -3045,7 +3125,10 @@ "meta": { "external_id": "T1649", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access", + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Azure-AD:credential-access" ], "mitre_data_sources": [ "Active Directory: Active Directory Credential Request", @@ -3081,7 +3164,8 @@ "meta": { "external_id": "T1469", "kill_chain": [ - "mitre-mobile-attack:remote-service-effects" + "mobile-attack-Android:remote-service-effects", + "mobile-attack-iOS:remote-service-effects" ], "mitre_platforms": [ "Android", @@ -3102,8 +3186,10 @@ "meta": { "external_id": "T1478", "kill_chain": [ - "mitre-mobile-attack:defense-evasion", - "mitre-mobile-attack:initial-access" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion", + "mobile-attack-Android:initial-access", + "mobile-attack-iOS:initial-access" ], "mitre_platforms": [ "Android", @@ -3130,7 +3216,9 @@ "meta": { "external_id": "T1558", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access", + "attack-Linux:credential-access", + "attack-macOS:credential-access" ], "mitre_data_sources": [ "Active Directory: Active Directory Credential Request", 
@@ -3170,7 +3258,7 @@ "meta": { "external_id": "T1275", "kill_chain": [ - "mitre-pre-attack:people-information-gathering" + "pre-attack:people-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1275" @@ -3184,7 +3272,7 @@ "meta": { "external_id": "T1323", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1323" @@ -3198,7 +3286,7 @@ "meta": { "external_id": "T1372", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1372" @@ -3212,7 +3300,7 @@ "meta": { "external_id": "T1171", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_platforms": [ "Windows" @@ -3244,7 +3332,7 @@ "meta": { "external_id": "T1390", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1390" @@ -3258,7 +3346,14 @@ "meta": { "external_id": "T1621", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access", + "attack-Office-365:credential-access", + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-IaaS:credential-access", + "attack-SaaS:credential-access", + "attack-Azure-AD:credential-access", + "attack-Google-Workspace:credential-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -3292,7 +3387,8 @@ "meta": { "external_id": "T1465", "kill_chain": [ - "mitre-mobile-attack:network-effects" + "mobile-attack-Android:network-effects", + "mobile-attack-iOS:network-effects" ], "mitre_platforms": [ "Android", @@ -3319,7 +3415,7 @@ "meta": { "external_id": "T1070.001", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -3352,7 +3448,7 @@ "meta": { "external_id": "T1070.005", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -3382,7 +3478,7 @@ "meta": { "external_id": "T1021.003", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Windows:lateral-movement" ], "mitre_data_sources": [ "Module: Module Load", @@ -3420,7 +3516,7 @@ "meta": { "external_id": "T1021.008", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-IaaS:lateral-movement" ], "mitre_data_sources": [ "Logon Session: Logon Session Creation" @@ -3451,8 +3547,10 @@ "meta": { "external_id": "T1430.001", "kill_chain": [ - "mitre-mobile-attack:collection", - "mitre-mobile-attack:discovery" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection", + "mobile-attack-Android:discovery", + "mobile-attack-iOS:discovery" ], "mitre_platforms": [ "Android", @@ -3479,7 +3577,7 @@ "meta": { "external_id": "T1602.002", "kill_chain": [ - "mitre-attack:collection" + "attack-Network:collection" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -3509,7 +3607,9 @@ "meta": { "external_id": "T1027.005", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Application Log: Application Log Content" @@ -3537,8 +3637,12 @@ "meta": { "external_id": "T1098.002", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Office-365:persistence", + "attack-Google-Workspace:persistence", + "attack-Windows:privilege-escalation", + "attack-Office-365:privilege-escalation", + "attack-Google-Workspace:privilege-escalation" ], "mitre_data_sources": [ "Application Log: Application Log Content", 
@@ -3575,7 +3679,9 @@ "meta": { "external_id": "T1036.004", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -3611,7 +3717,9 @@ "meta": { "external_id": "T1560.003", "kill_chain": [ - "mitre-attack:collection" + "attack-Linux:collection", + "attack-macOS:collection", + "attack-Windows:collection" ], "mitre_data_sources": [ "File: File Creation", @@ -3641,8 +3749,8 @@ "meta": { "external_id": "T1098.006", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Containers:persistence", + "attack-Containers:privilege-escalation" ], "mitre_data_sources": [ "User Account: User Account Modification" @@ -3674,8 +3782,8 @@ "meta": { "external_id": "T1055.011", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Process: OS API Execution" @@ -3708,8 +3816,8 @@ "meta": { "external_id": "T1134.002", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -3738,7 +3846,8 @@ "meta": { "external_id": "T1632.001", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", @@ -3763,7 +3872,7 @@ "meta": { "external_id": "T1625.001", "kill_chain": [ - "mitre-mobile-attack:persistence" + "mobile-attack-Android:persistence" ], "mitre_platforms": [ "Android" 
@@ -3787,7 +3896,12 @@ "meta": { "external_id": "T1562.001", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Linux:defense-evasion", + "attack-Containers:defense-evasion", + "attack-IaaS:defense-evasion", + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -3836,7 +3950,9 @@ "meta": { "external_id": "T1195.002", "kill_chain": [ - "mitre-attack:initial-access" + "attack-Linux:initial-access", + "attack-macOS:initial-access", + "attack-Windows:initial-access" ], "mitre_data_sources": [ "File: File Metadata" @@ -3866,8 +3982,8 @@ "meta": { "external_id": "T1134.003", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -3896,7 +4012,9 @@ "meta": { "external_id": "T1195.003", "kill_chain": [ - "mitre-attack:initial-access" + "attack-Linux:initial-access", + "attack-macOS:initial-access", + "attack-Windows:initial-access" ], "mitre_data_sources": [ "Sensor Health: Host Status" @@ -3924,8 +4042,8 @@ "meta": { "external_id": "T1546.001", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-Windows:privilege-escalation", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -3957,7 +4075,9 @@ "meta": { "external_id": "T1564.001", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Linux:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -3991,9 +4111,9 @@ "meta": { "external_id": "T1574.001", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Creation", @@ -4030,9 +4150,9 @@ "meta": { "external_id": "T1574.010", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Creation", @@ -4061,7 +4181,9 @@ "meta": { "external_id": "T1567.001", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration" ], "mitre_data_sources": [ "Command: Command Execution", @@ -4092,7 +4214,7 @@ "meta": { "external_id": "T1599.001", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -4120,7 +4242,7 @@ "meta": { "external_id": "T1562.002", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -4164,7 +4286,10 @@ "meta": { "external_id": "T1562.003", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -4197,7 +4322,7 @@ "meta": { "external_id": "T1629.003", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" 
@@ -4220,7 +4345,8 @@ "meta": { "external_id": "T1474.002", "kill_chain": [ - "mitre-mobile-attack:initial-access" + "mobile-attack-Android:initial-access", + "mobile-attack-iOS:initial-access" ], "mitre_platforms": [ "Android", @@ -4255,8 +4381,8 @@ "meta": { "external_id": "T1548.002", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Windows:privilege-escalation", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -4295,8 +4421,12 @@ "meta": { "external_id": "T1497.002", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:discovery" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -4330,7 +4460,7 @@ "meta": { "external_id": "T1552.005", "kill_chain": [ - "mitre-attack:credential-access" + "attack-IaaS:credential-access" ], "mitre_data_sources": [ "User Account: User Account Authentication" @@ -4359,7 +4489,9 @@ "meta": { "external_id": "T1567.002", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration" ], "mitre_data_sources": [ "Command: Command Execution", @@ -4391,7 +4523,8 @@ "meta": { "external_id": "T1474.003", "kill_chain": [ - "mitre-mobile-attack:initial-access" + "mobile-attack-Android:initial-access", + "mobile-attack-iOS:initial-access" ], "mitre_platforms": [ "Android", @@ -4420,8 +4553,10 @@ "meta": { "external_id": "T1548.003", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -4454,7 +4589,9 @@ "meta": { "external_id": "T1555.003", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Windows:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -4490,7 +4627,8 @@ "meta": { "external_id": "T1553.006", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -4527,8 +4665,10 @@ "meta": { "external_id": "T1546.004", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Linux:persistence", + "attack-macOS:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -4570,8 +4710,8 @@ "meta": { "external_id": "T1548.004", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-macOS:privilege-escalation", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "Process: OS API Execution", @@ -4602,7 +4742,14 @@ "meta": { "external_id": "T1499.004", "kill_chain": [ - "mitre-attack:impact" + "attack-Windows:impact", + "attack-Azure-AD:impact", + "attack-Office-365:impact", + "attack-SaaS:impact", + "attack-IaaS:impact", + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Google-Workspace:impact" ], "mitre_data_sources": [ "Application Log: Application Log Content", 
@@ -4639,8 +4786,14 @@ "meta": { "external_id": "T1548.005", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-IaaS:privilege-escalation", + "attack-Azure-AD:privilege-escalation", + "attack-Office-365:privilege-escalation", + "attack-Google-Workspace:privilege-escalation", + "attack-IaaS:defense-evasion", + "attack-Azure-AD:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-Google-Workspace:defense-evasion" ], "mitre_data_sources": [ "User Account: User Account Modification" @@ -4679,8 +4832,10 @@ "meta": { "external_id": "T1547.006", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:persistence", + "attack-Linux:persistence", + "attack-macOS:privilege-escalation", + "attack-Linux:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -4729,7 +4884,7 @@ "meta": { "external_id": "T1555.006", "kill_chain": [ - "mitre-attack:credential-access" + "attack-IaaS:credential-access" ], "mitre_data_sources": [ "Cloud Service: Cloud Service Enumeration" @@ -4760,7 +4915,7 @@ "meta": { "external_id": "T1578.005", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-IaaS:defense-evasion" ], "mitre_data_sources": [ "Cloud Service: Cloud Service Modification" @@ -4790,9 +4945,9 @@ "meta": { "external_id": "T1574.011", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -4829,8 +4984,8 @@ "meta": { "external_id": "T1546.015", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-Windows:privilege-escalation", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -4862,7 +5017,9 @@ "meta": { "external_id": "T1140", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "File: File Modification", @@ -4889,7 +5046,7 @@ "meta": { "external_id": "T1251", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1251" @@ -4903,7 +5060,7 @@ "meta": { "external_id": "T1228", "kill_chain": [ - "mitre-pre-attack:priority-definition-planning" + "pre-attack:priority-definition-planning" ], "refs": [ "https://attack.mitre.org/techniques/T1228" @@ -4917,7 +5074,7 @@ "meta": { "external_id": "T1235", "kill_chain": [ - "mitre-pre-attack:priority-definition-planning" + "pre-attack:priority-definition-planning" ], "refs": [ "https://attack.mitre.org/techniques/T1235" @@ -4931,7 +5088,9 @@ "meta": { "external_id": "T1030", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -4955,7 +5114,10 @@ "meta": { "external_id": "T1005", "kill_chain": [ - "mitre-attack:collection" + "attack-Linux:collection", + "attack-macOS:collection", + "attack-Windows:collection", + "attack-Network:collection" ], "mitre_data_sources": [ "Command: Command Execution", @@ -4985,7 +5147,9 @@ "meta": { "external_id": "T1041", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -5012,7 +5176,9 @@ "meta": { "external_id": "T1210", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Linux:lateral-movement", + "attack-Windows:lateral-movement", + "attack-macOS:lateral-movement" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -5039,7 +5205,10 @@ "meta": { "external_id": "T1016", "kill_chain": [ - "mitre-attack:discovery" + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery", + "attack-Network:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -5067,8 +5236,8 @@ "meta": { "external_id": "T1091", "kill_chain": [ - "mitre-attack:lateral-movement", - "mitre-attack:initial-access" + "attack-Windows:lateral-movement", + "attack-Windows:initial-access" ], "mitre_data_sources": [ "Drive: Drive Creation", @@ -5094,7 +5263,9 @@ "meta": { "external_id": "T1203", "kill_chain": [ - "mitre-attack:execution" + "attack-Linux:execution", + "attack-Windows:execution", + "attack-macOS:execution" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -5117,7 +5288,7 @@ "meta": { "external_id": "T1042", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -5145,7 +5316,8 @@ "meta": { "external_id": "T1420", "kill_chain": [ - "mitre-mobile-attack:discovery" + "mobile-attack-Android:discovery", + "mobile-attack-iOS:discovery" ], "mitre_platforms": [ "Android", @@ -5164,7 +5336,9 @@ "meta": { "external_id": "T1025", "kill_chain": [ - "mitre-attack:collection" + "attack-Linux:collection", + "attack-macOS:collection", + "attack-Windows:collection" ], "mitre_data_sources": [ "Command: Command Execution", @@ -5187,7 +5361,9 @@ "meta": { "external_id": "T1052", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -5212,7 +5388,7 @@ "meta": { "external_id": "T1602", "kill_chain": [ - "mitre-attack:collection" + "attack-Network:collection" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -5236,7 +5412,10 @@ "meta": { "external_id": "T1027", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -5275,7 +5454,9 @@ "meta": { "external_id": "T1092", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Drive: Drive Access", @@ -5299,7 +5480,7 @@ "meta": { "external_id": "T1403", "kill_chain": [ - "mitre-mobile-attack:persistence" + "mobile-attack-Android:persistence" ], "mitre_platforms": [ "Android" @@ -5317,7 +5498,9 @@ "meta": { "external_id": "T1503", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Windows:credential-access" ], "mitre_platforms": [ "Linux", @@ -5347,7 +5530,10 @@ "meta": { "external_id": "T1530", "kill_chain": [ - "mitre-attack:collection" + "attack-IaaS:collection", + "attack-SaaS:collection", + "attack-Google-Workspace:collection", + "attack-Office-365:collection" ], "mitre_data_sources": [ "Cloud Storage: Cloud Storage Access" @@ -5377,7 +5563,8 @@ "meta": { "external_id": "T1630", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-iOS:defense-evasion", + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "iOS", 
@@ -5396,7 +5583,10 @@ "meta": { "external_id": "T1083", "kill_chain": [ - "mitre-attack:discovery" + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery", + "attack-Network:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -5423,9 +5613,9 @@ "meta": { "external_id": "T1038", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation", + "attack-Windows:defense-evasion" ], "mitre_platforms": [ "Windows" @@ -5455,7 +5645,7 @@ "meta": { "external_id": "T1380", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1380" @@ -5486,7 +5676,8 @@ "meta": { "external_id": "T1404", "kill_chain": [ - "mitre-mobile-attack:privilege-escalation" + "mobile-attack-Android:privilege-escalation", + "mobile-attack-iOS:privilege-escalation" ], "mitre_platforms": [ "Android", @@ -5505,8 +5696,12 @@ "meta": { "external_id": "T1044", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:privilege-escalation", + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation" ], "mitre_platforms": [ "Windows", @@ -5534,7 +5729,8 @@ "meta": { "external_id": "T1406", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", @@ -5554,7 +5750,8 @@ "meta": { "external_id": "T1470", "kill_chain": [ - "mitre-mobile-attack:remote-service-effects" + "mobile-attack-Android:remote-service-effects", + "mobile-attack-iOS:remote-service-effects" ], "mitre_platforms": [ "Android", 
@@ -5576,7 +5773,14 @@ "meta": { "external_id": "T1048", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration", + "attack-Office-365:exfiltration", + "attack-SaaS:exfiltration", + "attack-IaaS:exfiltration", + "attack-Google-Workspace:exfiltration", + "attack-Network:exfiltration" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -5612,7 +5816,11 @@ "meta": { "external_id": "T1049", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery", + "attack-IaaS:discovery", + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Network:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -5642,8 +5850,18 @@ "meta": { "external_id": "T1550", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:lateral-movement" + "attack-Windows:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-Google-Workspace:defense-evasion", + "attack-IaaS:defense-evasion", + "attack-Containers:defense-evasion", + "attack-Windows:lateral-movement", + "attack-Office-365:lateral-movement", + "attack-SaaS:lateral-movement", + "attack-Google-Workspace:lateral-movement", + "attack-IaaS:lateral-movement", + "attack-Containers:lateral-movement" ], "mitre_data_sources": [ "Active Directory: Active Directory Credential Request", @@ -5675,8 +5893,8 @@ "meta": { "external_id": "T1058", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_platforms": [ "Windows" 
@@ -5704,7 +5922,14 @@ "meta": { "external_id": "T1059", "kill_chain": [ - "mitre-attack:execution" + "attack-Linux:execution", + "attack-macOS:execution", + "attack-Windows:execution", + "attack-Network:execution", + "attack-Office-365:execution", + "attack-Azure-AD:execution", + "attack-IaaS:execution", + "attack-Google-Workspace:execution" ], "mitre_data_sources": [ "Command: Command Execution", @@ -5738,7 +5963,7 @@ "meta": { "external_id": "T1590", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -5758,7 +5983,9 @@ "meta": { "external_id": "T1066", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_platforms": [ "Linux", @@ -5783,7 +6010,10 @@ "meta": { "external_id": "T1068", "kill_chain": [ - "mitre-attack:privilege-escalation" + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Windows:privilege-escalation", + "attack-Containers:privilege-escalation" ], "mitre_data_sources": [ "Driver: Driver Load", @@ -5810,8 +6040,8 @@ "meta": { "external_id": "T1088", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_platforms": [ "Windows" @@ -5844,7 +6074,11 @@ "meta": { "external_id": "T1211", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-Windows:defense-evasion", + "attack-macOS:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-IaaS:defense-evasion" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -5872,8 +6106,8 @@ "meta": { "external_id": "T1181", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_platforms": [ "Windows" 
@@ -5903,7 +6137,10 @@ "meta": { "external_id": "T1212", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access", + "attack-Windows:credential-access", + "attack-macOS:credential-access", + "attack-Azure-AD:credential-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -5934,8 +6171,8 @@ "meta": { "external_id": "T1122", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Windows:defense-evasion", + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -5961,7 +6198,13 @@ "meta": { "external_id": "T1213", "kill_chain": [ - "mitre-attack:collection" + "attack-Linux:collection", + "attack-Windows:collection", + "attack-macOS:collection", + "attack-SaaS:collection", + "attack-Office-365:collection", + "attack-Google-Workspace:collection", + "attack-IaaS:collection" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -5991,7 +6234,7 @@ "meta": { "external_id": "T1421", "kill_chain": [ - "mitre-mobile-attack:discovery" + "mobile-attack-Android:discovery" ], "mitre_platforms": [ "Android" @@ -6008,7 +6251,8 @@ "meta": { "external_id": "T1215", "kill_chain": [ - "mitre-attack:persistence" + "attack-Linux:persistence", + "attack-macOS:persistence" ], "mitre_platforms": [ "Linux", @@ -6044,7 +6288,7 @@ "meta": { "external_id": "T1612", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Containers:defense-evasion" ], "mitre_data_sources": [ "Image: Image Creation", @@ -6070,7 +6314,7 @@ "meta": { "external_id": "T1126", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_platforms": [ "Windows" @@ -6094,7 +6338,7 @@ "meta": { "external_id": "T1216", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -6118,7 +6362,9 @@ "meta": { "external_id": "T1218", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -6149,7 +6395,7 @@ "meta": { "external_id": "T1341", "kill_chain": [ - "mitre-pre-attack:persona-development" + "pre-attack:persona-development" ], "refs": [ "http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf", @@ -6165,7 +6411,7 @@ "meta": { "external_id": "T1351", "kill_chain": [ - "mitre-pre-attack:build-capabilities" + "pre-attack:build-capabilities" ], "refs": [ "https://arstechnica.com/information-technology/2014/06/active-malware-operation-let-attackers-sabotage-us-energy-industry/", @@ -6180,7 +6426,7 @@ "meta": { "external_id": "T1613", "kill_chain": [ - "mitre-attack:discovery" + "attack-Containers:discovery" ], "mitre_data_sources": [ "Container: Container Enumeration", @@ -6203,7 +6449,7 @@ "meta": { "external_id": "T1317", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1317" @@ -6217,7 +6463,7 @@ "meta": { "external_id": "T1319", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1319" @@ -6231,7 +6477,7 @@ "meta": { "external_id": "T1514", "kill_chain": [ - "mitre-attack:privilege-escalation" + "attack-macOS:privilege-escalation" ], "mitre_platforms": [ "macOS" @@ -6258,7 +6504,7 @@ "meta": { "external_id": "T1471", "kill_chain": [ - "mitre-mobile-attack:impact" + "mobile-attack-Android:impact" ], "mitre_platforms": [ "Android" 
@@ -6276,8 +6522,12 @@ "meta": { "external_id": "T1158", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:persistence" ], "mitre_platforms": [ "Linux", @@ -6305,7 +6555,7 @@ "meta": { "external_id": "T1591", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -6324,7 +6574,7 @@ "meta": { "external_id": "T1619", "kill_chain": [ - "mitre-attack:discovery" + "attack-IaaS:discovery" ], "mitre_data_sources": [ "Cloud Storage: Cloud Storage Access", @@ -6347,7 +6597,8 @@ "meta": { "external_id": "T1422", "kill_chain": [ - "mitre-mobile-attack:discovery" + "mobile-attack-Android:discovery", + "mobile-attack-iOS:discovery" ], "mitre_platforms": [ "Android", @@ -6367,7 +6618,7 @@ "meta": { "external_id": "T1522", "kill_chain": [ - "mitre-attack:credential-access" + "attack-IaaS:credential-access" ], "mitre_platforms": [ "IaaS" @@ -6392,7 +6643,7 @@ "meta": { "external_id": "T1233", "kill_chain": [ - "mitre-pre-attack:priority-definition-planning" + "pre-attack:priority-definition-planning" ], "refs": [ "https://attack.mitre.org/techniques/T1233" @@ -6406,7 +6657,7 @@ "meta": { "external_id": "T1234", "kill_chain": [ - "mitre-pre-attack:priority-definition-planning" + "pre-attack:priority-definition-planning" ], "refs": [ "https://attack.mitre.org/techniques/T1234" @@ -6420,7 +6671,8 @@ "meta": { "external_id": "T1623", "kill_chain": [ - "mitre-mobile-attack:execution" + "mobile-attack-Android:execution", + "mobile-attack-iOS:execution" ], "mitre_platforms": [ "Android", @@ -6439,7 +6691,7 @@ "meta": { "external_id": "T1263", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1263" 
@@ -6453,7 +6705,7 @@ "meta": { "external_id": "T1327", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1327" @@ -6467,7 +6719,7 @@ "meta": { "external_id": "T1293", "kill_chain": [ - "mitre-pre-attack:technical-weakness-identification" + "pre-attack:technical-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1293" @@ -6481,7 +6733,8 @@ "meta": { "external_id": "T1646", "kill_chain": [ - "mitre-mobile-attack:exfiltration" + "mobile-attack-Android:exfiltration", + "mobile-attack-iOS:exfiltration" ], "mitre_platforms": [ "Android", @@ -6500,7 +6753,8 @@ "meta": { "external_id": "T1642", "kill_chain": [ - "mitre-mobile-attack:impact" + "mobile-attack-Android:impact", + "mobile-attack-iOS:impact" ], "mitre_platforms": [ "Android", @@ -6537,7 +6791,7 @@ "meta": { "external_id": "T1264", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1264" @@ -6551,7 +6805,8 @@ "meta": { "external_id": "T1472", "kill_chain": [ - "mitre-mobile-attack:impact" + "mobile-attack-Android:impact", + "mobile-attack-iOS:impact" ], "mitre_platforms": [ "Android", @@ -6575,7 +6830,7 @@ "meta": { "external_id": "T1274", "kill_chain": [ - "mitre-pre-attack:people-information-gathering" + "pre-attack:people-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1274" @@ -6589,7 +6844,8 @@ "meta": { "external_id": "T1428", "kill_chain": [ - "mitre-mobile-attack:lateral-movement" + "mobile-attack-Android:lateral-movement", + "mobile-attack-iOS:lateral-movement" ], "mitre_platforms": [ "Android", 
@@ -6608,7 +6864,7 @@ "meta": { "external_id": "T1256", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1256" @@ -6622,7 +6878,11 @@ "meta": { "external_id": "T1528", "kill_chain": [ - "mitre-attack:credential-access" + "attack-SaaS:credential-access", + "attack-Office-365:credential-access", + "attack-Azure-AD:credential-access", + "attack-Google-Workspace:credential-access", + "attack-Containers:credential-access" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Modification", @@ -6657,7 +6917,7 @@ "meta": { "external_id": "T1592", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -6679,7 +6939,7 @@ "meta": { "external_id": "T1626", "kill_chain": [ - "mitre-mobile-attack:privilege-escalation" + "mobile-attack-Android:privilege-escalation" ], "mitre_platforms": [ "Android" @@ -6697,7 +6957,7 @@ "meta": { "external_id": "T1269", "kill_chain": [ - "mitre-pre-attack:people-information-gathering" + "pre-attack:people-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1269" @@ -6711,7 +6971,8 @@ "meta": { "external_id": "T1533", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection" ], "mitre_platforms": [ "Android", @@ -6730,7 +6991,7 @@ "meta": { "external_id": "T1353", "kill_chain": [ - "mitre-pre-attack:build-capabilities" + "pre-attack:build-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1353" @@ -6744,7 +7005,7 @@ "meta": { "external_id": "T1634", "kill_chain": [ - "mitre-mobile-attack:credential-access" + "mobile-attack-iOS:credential-access" ], "mitre_platforms": [ "iOS" 
@@ -6762,7 +7023,8 @@ "meta": { "external_id": "T1643", "kill_chain": [ - "mitre-mobile-attack:impact" + "mobile-attack-Android:impact", + "mobile-attack-iOS:impact" ], "mitre_platforms": [ "Android", @@ -6781,7 +7043,7 @@ "meta": { "external_id": "T1349", "kill_chain": [ - "mitre-pre-attack:build-capabilities" + "pre-attack:build-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1349", @@ -6797,7 +7059,7 @@ "meta": { "external_id": "T1355", "kill_chain": [ - "mitre-pre-attack:build-capabilities" + "pre-attack:build-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1355" @@ -6811,7 +7073,8 @@ "meta": { "external_id": "T1635", "kill_chain": [ - "mitre-mobile-attack:credential-access" + "mobile-attack-Android:credential-access", + "mobile-attack-iOS:credential-access" ], "mitre_platforms": [ "Android", @@ -6834,7 +7097,9 @@ "meta": { "external_id": "T1563", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Linux:lateral-movement", + "attack-macOS:lateral-movement", + "attack-Windows:lateral-movement" ], "mitre_data_sources": [ "Command: Command Execution", @@ -6862,7 +7127,12 @@ "meta": { "external_id": "T1539", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Windows:credential-access", + "attack-Office-365:credential-access", + "attack-SaaS:credential-access", + "attack-Google-Workspace:credential-access" ], "mitre_data_sources": [ "File: File Access", @@ -6895,7 +7165,7 @@ "meta": { "external_id": "T1366", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1366" @@ -6909,7 +7179,8 @@ "meta": { "external_id": "T1639", "kill_chain": [ - "mitre-mobile-attack:exfiltration" + "mobile-attack-Android:exfiltration", + "mobile-attack-iOS:exfiltration" ], "mitre_platforms": [ "Android", 
@@ -6928,8 +7199,8 @@ "meta": { "external_id": "T1399", "kill_chain": [ - "mitre-mobile-attack:defense-evasion", - "mitre-mobile-attack:persistence" + "mobile-attack-Android:defense-evasion", + "mobile-attack-Android:persistence" ], "mitre_platforms": [ "Android" @@ -6949,8 +7220,10 @@ "meta": { "external_id": "T1444", "kill_chain": [ - "mitre-mobile-attack:initial-access", - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:initial-access", + "mobile-attack-iOS:initial-access", + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", @@ -6972,7 +7245,8 @@ "meta": { "external_id": "T1644", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -6990,7 +7264,8 @@ "meta": { "external_id": "T1464", "kill_chain": [ - "mitre-mobile-attack:impact" + "mobile-attack-Android:impact", + "mobile-attack-iOS:impact" ], "mitre_platforms": [ "Android", @@ -7017,7 +7292,9 @@ "meta": { "external_id": "T1554", "kill_chain": [ - "mitre-attack:persistence" + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:persistence" ], "mitre_data_sources": [ "File: File Creation", @@ -7044,7 +7321,8 @@ "meta": { "external_id": "T1645", "kill_chain": [ - "mitre-mobile-attack:persistence" + "mobile-attack-Android:persistence", + "mobile-attack-iOS:persistence" ], "mitre_platforms": [ "Android", 
@@ -7064,8 +7342,20 @@ "meta": { "external_id": "T1548", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Windows:privilege-escalation", + "attack-Office-365:privilege-escalation", + "attack-IaaS:privilege-escalation", + "attack-Google-Workspace:privilege-escalation", + "attack-Azure-AD:privilege-escalation", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-IaaS:defense-evasion", + "attack-Google-Workspace:defense-evasion", + "attack-Azure-AD:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -7102,8 +7392,10 @@ "meta": { "external_id": "T1458", "kill_chain": [ - "mitre-mobile-attack:initial-access", - "mitre-mobile-attack:lateral-movement" + "mobile-attack-Android:initial-access", + "mobile-attack-iOS:initial-access", + "mobile-attack-Android:lateral-movement", + "mobile-attack-iOS:lateral-movement" ], "mitre_platforms": [ "Android", @@ -7129,7 +7421,8 @@ "meta": { "external_id": "T1664", "kill_chain": [ - "mitre-mobile-attack:initial-access" + "mobile-attack-Android:initial-access", + "mobile-attack-iOS:initial-access" ], "mitre_platforms": [ "Android", @@ -7147,7 +7440,8 @@ "meta": { "external_id": "T1466", "kill_chain": [ - "mitre-mobile-attack:network-effects" + "mobile-attack-Android:network-effects", + "mobile-attack-iOS:network-effects" ], "mitre_platforms": [ "Android", @@ -7173,7 +7467,8 @@ "meta": { "external_id": "T1467", "kill_chain": [ - "mitre-mobile-attack:network-effects" + "mobile-attack-Android:network-effects", + "mobile-attack-iOS:network-effects" ], "mitre_platforms": [ "Android", 
@@ -7199,7 +7494,10 @@ "meta": { "external_id": "T1486", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact", + "attack-IaaS:impact" ], "mitre_data_sources": [ "Cloud Storage: Cloud Storage Modification", @@ -7234,7 +7532,8 @@ "meta": { "external_id": "T1477", "kill_chain": [ - "mitre-mobile-attack:initial-access" + "mobile-attack-Android:initial-access", + "mobile-attack-iOS:initial-access" ], "mitre_platforms": [ "Android", @@ -7257,7 +7556,15 @@ "meta": { "external_id": "T1498", "kill_chain": [ - "mitre-attack:impact" + "attack-Windows:impact", + "attack-Azure-AD:impact", + "attack-Office-365:impact", + "attack-SaaS:impact", + "attack-IaaS:impact", + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Google-Workspace:impact", + "attack-Containers:impact" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Flow", @@ -7290,7 +7597,15 @@ "meta": { "external_id": "T1499", "kill_chain": [ - "mitre-attack:impact" + "attack-Windows:impact", + "attack-Azure-AD:impact", + "attack-Office-365:impact", + "attack-SaaS:impact", + "attack-IaaS:impact", + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Google-Workspace:impact", + "attack-Containers:impact" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -7327,7 +7642,10 @@ "meta": { "external_id": "T1555", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Windows:credential-access", + "attack-IaaS:credential-access" ], "mitre_data_sources": [ "Cloud Service: Cloud Service Enumeration", 
@@ -7356,7 +7674,12 @@ "meta": { "external_id": "T1567", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration", + "attack-Office-365:exfiltration", + "attack-SaaS:exfiltration", + "attack-Google-Workspace:exfiltration" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -7386,7 +7709,8 @@ "meta": { "external_id": "T1658", "kill_chain": [ - "mitre-mobile-attack:execution" + "mobile-attack-Android:execution", + "mobile-attack-iOS:execution" ], "mitre_platforms": [ "Android", @@ -7404,7 +7728,7 @@ "meta": { "external_id": "T1596", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -7428,7 +7752,7 @@ "meta": { "external_id": "T1578", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-IaaS:defense-evasion" ], "mitre_data_sources": [ "Cloud Service: Cloud Service Metadata", @@ -7463,7 +7787,7 @@ "meta": { "external_id": "T1589", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content" @@ -7493,7 +7817,7 @@ "meta": { "external_id": "T1059.010", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution" ], "mitre_data_sources": [ "Command: Command Execution", @@ -7523,7 +7847,7 @@ "meta": { "external_id": "T1602.001", "kill_chain": [ - "mitre-attack:collection" + "attack-Network:collection" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -7554,8 +7878,8 @@ "meta": { "external_id": "T1037.001", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -7585,7 +7909,7 @@ "meta": { "external_id": "T1373", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1373" @@ -7599,8 +7923,8 @@ "meta": { "external_id": "T1055.001", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Module: Module Load", @@ -7634,7 +7958,12 @@ "meta": { "external_id": "T1190", "kill_chain": [ - "mitre-attack:initial-access" + "attack-Windows:initial-access", + "attack-IaaS:initial-access", + "attack-Network:initial-access", + "attack-Linux:initial-access", + "attack-macOS:initial-access", + "attack-Containers:initial-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -7669,7 +7998,7 @@ "meta": { "external_id": "T1370", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1370" @@ -7683,7 +8012,10 @@ "meta": { "external_id": "T1095", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Windows:command-and-control", + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -7712,7 +8044,9 @@ "meta": { "external_id": "T1111", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access", + "attack-Windows:credential-access", + "attack-macOS:credential-access" ], "mitre_data_sources": [ "Driver: Driver Load", @@ -7739,7 +8073,7 @@ "meta": { "external_id": "T1314", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1314" 
@@ -7753,7 +8087,7 @@ "meta": { "external_id": "T1315", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1315" @@ -7767,7 +8101,7 @@ "meta": { "external_id": "T1371", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1371" @@ -7798,7 +8132,7 @@ "meta": { "external_id": "T1377", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1377" @@ -7812,7 +8146,7 @@ "meta": { "external_id": "T1594", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Application Log: Application Log Content" @@ -7833,7 +8167,7 @@ "meta": { "external_id": "T1003.008", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -7862,7 +8196,7 @@ "meta": { "external_id": "T1021.002", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Windows:lateral-movement" ], "mitre_data_sources": [ "Command: Command Execution", @@ -7899,7 +8233,8 @@ "meta": { "external_id": "T1630.003", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", @@ -7927,7 +8262,7 @@ "meta": { "external_id": "T1600.001", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "File: File Modification" @@ -7955,7 +8290,7 @@ "meta": { "external_id": "T1003.002", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -7985,7 +8320,7 @@ "meta": { "external_id": "T1600.002", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "File: File Modification" 
@@ -8012,7 +8347,8 @@ "meta": { "external_id": "T1003.005", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access", + "attack-Linux:credential-access" ], "mitre_data_sources": [ "Command: Command Execution" @@ -8044,7 +8380,10 @@ "meta": { "external_id": "T1070.003", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -8081,7 +8420,11 @@ "meta": { "external_id": "T1070.008", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-Google-Workspace:defense-evasion" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -8120,7 +8463,9 @@ "meta": { "external_id": "T1011.001", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration" ], "mitre_data_sources": [ "Command: Command Execution", @@ -8152,7 +8497,9 @@ "meta": { "external_id": "T1102.001", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -8182,7 +8529,7 @@ "meta": { "external_id": "T1021.001", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Windows:lateral-movement" ], "mitre_data_sources": [ "Logon Session: Logon Session Creation", @@ -8214,7 +8561,9 @@ "meta": { "external_id": "T1016.001", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery", + "attack-Linux:discovery", + "attack-macOS:discovery" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -8243,7 +8592,7 @@ "meta": { "external_id": "T1601.001", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "File: File Modification" @@ -8276,7 +8625,9 @@ "meta": { "external_id": "T1052.001", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration" ], "mitre_data_sources": [ "Command: Command Execution", @@ -8307,7 +8658,7 @@ "meta": { "external_id": "T1601.002", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "File: File Modification" @@ -8334,7 +8685,7 @@ "meta": { "external_id": "T1021.006", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Windows:lateral-movement" ], "mitre_data_sources": [ "Command: Command Execution", @@ -8369,7 +8720,10 @@ "meta": { "external_id": "T1071.002", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -8402,7 +8756,7 @@ "meta": { "external_id": "T1630.001", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" @@ -8426,7 +8780,8 @@ "meta": { "external_id": "T1036.001", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Metadata" @@ -8454,7 +8809,9 @@ "meta": { "external_id": "T1074.001", "kill_chain": [ - "mitre-attack:collection" + "attack-Linux:collection", + "attack-macOS:collection", + "attack-Windows:collection" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -8486,8 +8843,18 @@ "meta": { "external_id": "T1550.001", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:lateral-movement" + "attack-Office-365:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-Google-Workspace:defense-evasion", + "attack-Containers:defense-evasion", + "attack-IaaS:defense-evasion", + "attack-Azure-AD:defense-evasion", + "attack-Office-365:lateral-movement", + "attack-SaaS:lateral-movement", + "attack-Google-Workspace:lateral-movement", + "attack-Containers:lateral-movement", + "attack-IaaS:lateral-movement", + "attack-Azure-AD:lateral-movement" ], "mitre_data_sources": [ "Web Credential: Web Credential Usage" @@ -8528,7 +8895,8 @@ "meta": { "external_id": "T1505.001", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence", + "attack-Linux:persistence" ], "mitre_data_sources": [ "Application Log: Application Log Content" @@ -8560,7 +8928,9 @@ "meta": { "external_id": "T1560.001", "kill_chain": [ - "mitre-attack:collection" + "attack-Linux:collection", + "attack-macOS:collection", + "attack-Windows:collection" ], "mitre_data_sources": [ "Command: Command Execution", @@ -8595,8 +8965,12 @@ "meta": { "external_id": "T1098.001", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-IaaS:persistence", + "attack-Azure-AD:persistence", + "attack-SaaS:persistence", + "attack-IaaS:privilege-escalation", + "attack-Azure-AD:privilege-escalation", + "attack-SaaS:privilege-escalation" ], "mitre_data_sources": [ "User Account: User Account Modification" @@ -8635,8 +9009,10 @@ "meta": { "external_id": "T1430.002", "kill_chain": [ - "mitre-mobile-attack:collection", - "mitre-mobile-attack:discovery" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection", + "mobile-attack-Android:discovery", + "mobile-attack-iOS:discovery" ], "mitre_platforms": [ "Android", 
@@ -8666,7 +9042,9 @@ "meta": { "external_id": "T1027.004", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -8699,7 +9077,10 @@ "meta": { "external_id": "T1074.002", "kill_chain": [ - "mitre-attack:collection" + "attack-Windows:collection", + "attack-IaaS:collection", + "attack-Linux:collection", + "attack-macOS:collection" ], "mitre_data_sources": [ "Command: Command Execution", @@ -8731,8 +9112,8 @@ "meta": { "external_id": "T1055.002", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Process: OS API Execution", @@ -8761,8 +9142,8 @@ "meta": { "external_id": "T1550.002", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:lateral-movement" + "attack-Windows:defense-evasion", + "attack-Windows:lateral-movement" ], "mitre_data_sources": [ "Active Directory: Active Directory Credential Request", @@ -8791,7 +9172,9 @@ "meta": { "external_id": "T1560.002", "kill_chain": [ - "mitre-attack:collection" + "attack-Linux:collection", + "attack-macOS:collection", + "attack-Windows:collection" ], "mitre_data_sources": [ "File: File Creation", @@ -8824,8 +9207,12 @@ "meta": { "external_id": "T1056.002", "kill_chain": [ - "mitre-attack:collection", - "mitre-attack:credential-access" + "attack-macOS:collection", + "attack-Windows:collection", + "attack-Linux:collection", + "attack-macOS:credential-access", + "attack-Windows:credential-access", + "attack-Linux:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -8860,7 +9247,7 @@ "meta": { "external_id": "T1027.007", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Metadata", 
@@ -8892,7 +9279,9 @@ "meta": { "external_id": "T1036.003", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -8927,8 +9316,8 @@ "meta": { "external_id": "T1037.003", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Modification", @@ -8959,8 +9348,8 @@ "meta": { "external_id": "T1055.003", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Process: OS API Execution", @@ -8989,8 +9378,8 @@ "meta": { "external_id": "T1550.003", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:lateral-movement" + "attack-Windows:defense-evasion", + "attack-Windows:lateral-movement" ], "mitre_data_sources": [ "Active Directory: Active Directory Credential Request", @@ -9023,8 +9412,12 @@ "meta": { "external_id": "T1056.003", "kill_chain": [ - "mitre-attack:collection", - "mitre-attack:credential-access" + "attack-Linux:collection", + "attack-macOS:collection", + "attack-Windows:collection", + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Windows:credential-access" ], "mitre_data_sources": [ "File: File Modification" @@ -9053,9 +9446,9 @@ "meta": { "external_id": "T1053.007", "kill_chain": [ - "mitre-attack:execution", - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Containers:execution", + "attack-Containers:persistence", + "attack-Containers:privilege-escalation" ], "mitre_data_sources": [ "Container: Container Creation", 
@@ -9086,7 +9479,7 @@ "meta": { "external_id": "T1059.003", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution" ], "mitre_data_sources": [ "Command: Command Execution", @@ -9114,7 +9507,7 @@ "meta": { "external_id": "T1590.003", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -9138,7 +9531,8 @@ "meta": { "external_id": "T1036.006", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "File: File Metadata" @@ -9166,7 +9560,7 @@ "meta": { "external_id": "T1036.007", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Creation", @@ -9196,7 +9590,7 @@ "meta": { "external_id": "T1608.003", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -9224,7 +9618,9 @@ "meta": { "external_id": "T1036.008", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -9254,7 +9650,8 @@ "meta": { "external_id": "T1036.009", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "Process: OS API Execution", 
@@ -9285,8 +9682,16 @@ "meta": { "external_id": "T1098.003", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Office-365:persistence", + "attack-IaaS:persistence", + "attack-SaaS:persistence", + "attack-Google-Workspace:persistence", + "attack-Azure-AD:persistence", + "attack-Office-365:privilege-escalation", + "attack-IaaS:privilege-escalation", + "attack-SaaS:privilege-escalation", + "attack-Google-Workspace:privilege-escalation", + "attack-Azure-AD:privilege-escalation" ], "mitre_data_sources": [ "User Account: User Account Modification" @@ -9323,8 +9728,8 @@ "meta": { "external_id": "T1055.004", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Process: OS API Execution", @@ -9357,8 +9762,14 @@ "meta": { "external_id": "T1550.004", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:lateral-movement" + "attack-Office-365:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-Google-Workspace:defense-evasion", + "attack-IaaS:defense-evasion", + "attack-Office-365:lateral-movement", + "attack-SaaS:lateral-movement", + "attack-Google-Workspace:lateral-movement", + "attack-IaaS:lateral-movement" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -9390,8 +9801,8 @@ "meta": { "external_id": "T1056.004", "kill_chain": [ - "mitre-attack:collection", - "mitre-attack:credential-access" + "attack-Windows:collection", + "attack-Windows:credential-access" ], "mitre_data_sources": [ "Process: OS API Execution", 
@@ -9432,8 +9843,14 @@ "meta": { "external_id": "T1098.004", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-IaaS:persistence", + "attack-Network:persistence", + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-IaaS:privilege-escalation", + "attack-Network:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -9471,7 +9888,7 @@ "meta": { "external_id": "T1505.005", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -9506,8 +9923,8 @@ "meta": { "external_id": "T1055.005", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Process: OS API Execution", @@ -9537,8 +9954,8 @@ "meta": { "external_id": "T1055.008", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Linux:defense-evasion", + "attack-Linux:privilege-escalation" ], "mitre_data_sources": [ "Process: OS API Execution", @@ -9572,7 +9989,7 @@ "meta": { "external_id": "T1590.006", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -9596,7 +10013,7 @@ "meta": { "external_id": "T1059.008", "kill_chain": [ - "mitre-attack:execution" + "attack-Network:execution" ], "mitre_data_sources": [ "Command: Command Execution" @@ -9624,7 +10041,7 @@ "meta": { "external_id": "T1114.001", "kill_chain": [ - "mitre-attack:collection" + "attack-Windows:collection" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -9653,7 +10070,9 @@ "meta": { "external_id": "T1114.002", "kill_chain": [ - "mitre-attack:collection" + "attack-Office-365:collection", + "attack-Windows:collection", + "attack-Google-Workspace:collection" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -9684,7 +10103,7 @@ "meta": { "external_id": "T1218.001", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -9717,7 +10136,11 @@ "meta": { "external_id": "T1114.003", "kill_chain": [ - "mitre-attack:collection" + "attack-Office-365:collection", + "attack-Windows:collection", + "attack-Google-Workspace:collection", + "attack-macOS:collection", + "attack-Linux:collection" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -9753,8 +10176,10 @@ "meta": { "external_id": "T1631.001", "kill_chain": [ - "mitre-mobile-attack:defense-evasion", - "mitre-mobile-attack:privilege-escalation" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion", + "mobile-attack-Android:privilege-escalation", + "mobile-attack-iOS:privilege-escalation" ], "mitre_platforms": [ "Android", @@ -9781,7 +10206,8 @@ "meta": { "external_id": "T1137.001", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence", + "attack-Office-365:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -9820,7 +10246,9 @@ "meta": { "external_id": "T1614.001", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery", + "attack-Linux:discovery", + "attack-macOS:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -9856,7 +10284,7 @@ "meta": { "external_id": "T1641.001", "kill_chain": [ - "mitre-mobile-attack:impact" + "mobile-attack-Android:impact" ], "mitre_platforms": [ "Android" 
@@ -9880,7 +10308,8 @@ "meta": { "external_id": "T1481.001", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -9904,7 +10333,8 @@ "meta": { "external_id": "T1418.001", "kill_chain": [ - "mitre-mobile-attack:discovery" + "mobile-attack-Android:discovery", + "mobile-attack-iOS:discovery" ], "mitre_platforms": [ "Android", @@ -9929,7 +10359,10 @@ "meta": { "external_id": "T1561.001", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact", + "attack-Network:impact" ], "mitre_data_sources": [ "Command: Command Execution", @@ -9966,7 +10399,10 @@ "meta": { "external_id": "T1518.001", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery", + "attack-IaaS:discovery", + "attack-Linux:discovery", + "attack-macOS:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -9999,7 +10435,7 @@ "meta": { "external_id": "T1591.001", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -10024,7 +10460,8 @@ "meta": { "external_id": "T1422.001", "kill_chain": [ - "mitre-mobile-attack:discovery" + "mobile-attack-Android:discovery", + "mobile-attack-iOS:discovery" ], "mitre_platforms": [ "Android", @@ -10049,7 +10486,7 @@ "meta": { "external_id": "T1027.012", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Creation", @@ -10078,8 +10515,10 @@ "meta": { "external_id": "T1417.002", "kill_chain": [ - "mitre-mobile-attack:credential-access", - "mitre-mobile-attack:collection" + "mobile-attack-Android:credential-access", + "mobile-attack-iOS:credential-access", + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection" ], "mitre_platforms": [ "Android", 
@@ -10114,7 +10553,11 @@ "meta": { "external_id": "T1552.001", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access", + "attack-IaaS:credential-access", + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Containers:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -10151,7 +10594,10 @@ "meta": { "external_id": "T1561.002", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact", + "attack-Network:impact" ], "mitre_data_sources": [ "Command: Command Execution", @@ -10191,7 +10637,7 @@ "meta": { "external_id": "T1626.001", "kill_chain": [ - "mitre-mobile-attack:privilege-escalation" + "mobile-attack-Android:privilege-escalation" ], "mitre_platforms": [ "Android" @@ -10215,7 +10661,7 @@ "meta": { "external_id": "T1628.001", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" @@ -10243,7 +10689,7 @@ "meta": { "external_id": "T1629.001", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" @@ -10267,8 +10713,8 @@ "meta": { "external_id": "T1134.004", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Process: OS API Execution", @@ -10303,7 +10749,8 @@ "meta": { "external_id": "T1137.004", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence", + "attack-Office-365:persistence" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -10335,7 +10782,7 @@ "meta": { "external_id": "T1591.003", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" 
@@ -10359,7 +10806,8 @@ "meta": { "external_id": "T1637.001", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -10385,8 +10833,8 @@ "meta": { "external_id": "T1484.001", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Creation", @@ -10422,7 +10870,7 @@ "meta": { "external_id": "T1564.010", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Process: Process Creation" @@ -10454,8 +10902,10 @@ "meta": { "external_id": "T1548.001", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -10487,7 +10937,14 @@ "meta": { "external_id": "T1498.001", "kill_chain": [ - "mitre-attack:impact" + "attack-Windows:impact", + "attack-Azure-AD:impact", + "attack-Office-365:impact", + "attack-SaaS:impact", + "attack-IaaS:impact", + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Google-Workspace:impact" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Flow", @@ -10523,7 +10980,9 @@ "meta": { "external_id": "T1499.001", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", 
@@ -10557,9 +11016,9 @@ "meta": { "external_id": "T1556.001", "kill_chain": [ - "mitre-attack:credential-access", - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Windows:credential-access", + "attack-Windows:defense-evasion", + "attack-Windows:persistence" ], "mitre_data_sources": [ "File: File Modification", @@ -10590,7 +11049,9 @@ "meta": { "external_id": "T1565.001", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact" ], "mitre_data_sources": [ "File: File Creation", @@ -10622,7 +11083,7 @@ "meta": { "external_id": "T1585.001", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -10651,7 +11112,7 @@ "meta": { "external_id": "T1595.001", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Flow" @@ -10678,7 +11139,7 @@ "meta": { "external_id": "T1559.001", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution" ], "mitre_data_sources": [ "Module: Module Load", @@ -10711,7 +11172,7 @@ "meta": { "external_id": "T1586.001", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -10741,7 +11202,9 @@ "meta": { "external_id": "T1568.001", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -10773,7 +11236,7 @@ "meta": { "external_id": "T1597.001", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" 
@@ -10797,7 +11260,7 @@ "meta": { "external_id": "T1552.002", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -10826,7 +11289,7 @@ "meta": { "external_id": "T1628.003", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" @@ -10849,7 +11312,14 @@ "meta": { "external_id": "T1499.002", "kill_chain": [ - "mitre-attack:impact" + "attack-Windows:impact", + "attack-Azure-AD:impact", + "attack-Office-365:impact", + "attack-SaaS:impact", + "attack-IaaS:impact", + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Google-Workspace:impact" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -10889,9 +11359,9 @@ "meta": { "external_id": "T1556.002", "kill_chain": [ - "mitre-attack:credential-access", - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Windows:credential-access", + "attack-Windows:defense-evasion", + "attack-Windows:persistence" ], "mitre_data_sources": [ "File: File Creation", @@ -10921,7 +11391,9 @@ "meta": { "external_id": "T1565.002", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -10953,7 +11425,7 @@ "meta": { "external_id": "T1552.006", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -10984,8 +11456,12 @@ "meta": { "external_id": "T1557.002", "kill_chain": [ - "mitre-attack:credential-access", - "mitre-attack:collection" + "attack-Linux:credential-access", + "attack-Windows:credential-access", + "attack-macOS:credential-access", + "attack-Linux:collection", + "attack-Windows:collection", + "attack-macOS:collection" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", 
@@ -11017,7 +11493,7 @@ "meta": { "external_id": "T1559.002", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution" ], "mitre_data_sources": [ "Module: Module Load", @@ -11056,7 +11532,9 @@ "meta": { "external_id": "T1568.002", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Flow" @@ -11094,7 +11572,7 @@ "meta": { "external_id": "T1562.009", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -11130,7 +11608,7 @@ "meta": { "external_id": "T1578.002", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-IaaS:defense-evasion" ], "mitre_data_sources": [ "Instance: Instance Creation", @@ -11161,7 +11639,7 @@ "meta": { "external_id": "T1587.002", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Malware Repository: Malware Metadata" @@ -11188,7 +11666,7 @@ "meta": { "external_id": "T1597.002", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -11212,7 +11690,7 @@ "meta": { "external_id": "T1583.003", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content", @@ -11243,7 +11721,9 @@ "meta": { "external_id": "T1553.004", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -11281,7 +11761,7 @@ "meta": { "external_id": "T1584.003", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content", 
@@ -11312,8 +11792,12 @@ "meta": { "external_id": "T1497.003", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:discovery" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -11349,7 +11833,14 @@ "meta": { "external_id": "T1499.003", "kill_chain": [ - "mitre-attack:impact" + "attack-Windows:impact", + "attack-Azure-AD:impact", + "attack-Office-365:impact", + "attack-SaaS:impact", + "attack-IaaS:impact", + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Google-Workspace:impact" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -11387,9 +11878,12 @@ "meta": { "external_id": "T1556.003", "kill_chain": [ - "mitre-attack:credential-access", - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Linux:persistence", + "attack-macOS:persistence" ], "mitre_data_sources": [ "File: File Modification", @@ -11422,7 +11916,9 @@ "meta": { "external_id": "T1565.003", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact" ], "mitre_data_sources": [ "File: File Creation", @@ -11456,7 +11952,9 @@ "meta": { "external_id": "T1566.003", "kill_chain": [ - "mitre-attack:initial-access" + "attack-Linux:initial-access", + "attack-macOS:initial-access", + "attack-Windows:initial-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -11487,7 +11985,7 @@ "meta": { "external_id": "T1578.003", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-IaaS:defense-evasion" ], "mitre_data_sources": [ "Instance: Instance Deletion", 
@@ -11518,7 +12016,7 @@ "meta": { "external_id": "T1588.003", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Malware Repository: Malware Metadata" @@ -11545,7 +12043,7 @@ "meta": { "external_id": "T1564.004", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -11584,8 +12082,8 @@ "meta": { "external_id": "T1547.004", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -11616,7 +12114,7 @@ "meta": { "external_id": "T1555.004", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -11651,9 +12149,9 @@ "meta": { "external_id": "T1556.004", "kill_chain": [ - "mitre-attack:credential-access", - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Network:credential-access", + "attack-Network:defense-evasion", + "attack-Network:persistence" ], "mitre_data_sources": [ "File: File Modification" @@ -11682,7 +12180,9 @@ "meta": { "external_id": "T1564.005", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Modification", @@ -11716,8 +12216,8 @@ "meta": { "external_id": "T1547.005", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -11747,7 +12247,9 @@ "meta": { "external_id": "T1564.006", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -11783,8 +12285,8 @@ "meta": { "external_id": "T1546.007", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-Windows:privilege-escalation", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -11816,9 +12318,12 @@ "meta": { "external_id": "T1574.006", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -11860,7 +12365,12 @@ "meta": { "external_id": "T1567.004", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Windows:exfiltration", + "attack-macOS:exfiltration", + "attack-Linux:exfiltration", + "attack-SaaS:exfiltration", + "attack-Office-365:exfiltration", + "attack-Google-Workspace:exfiltration" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -11902,7 +12412,11 @@ "meta": { "external_id": "T1564.008", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Google-Workspace:defense-evasion" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -11941,7 +12455,7 @@ "meta": { "external_id": "T1578.004", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-IaaS:defense-evasion" ], "mitre_data_sources": [ "Instance: Instance Metadata", 
@@ -11972,9 +12486,9 @@ "meta": { "external_id": "T1556.008", "kill_chain": [ - "mitre-attack:credential-access", - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Windows:credential-access", + "attack-Windows:defense-evasion", + "attack-Windows:persistence" ], "mitre_data_sources": [ "File: File Creation", @@ -12008,9 +12522,15 @@ "meta": { "external_id": "T1556.009", "kill_chain": [ - "mitre-attack:credential-access", - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Azure-AD:credential-access", + "attack-SaaS:credential-access", + "attack-IaaS:credential-access", + "attack-Azure-AD:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-IaaS:defense-evasion", + "attack-Azure-AD:persistence", + "attack-SaaS:persistence", + "attack-IaaS:persistence" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Modification", @@ -12044,7 +12564,9 @@ "meta": { "external_id": "T1562.011", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Linux:defense-evasion" ], "mitre_data_sources": [ "Process: Process Creation", @@ -12074,7 +12596,9 @@ "meta": { "external_id": "T1564.011", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -12106,8 +12630,8 @@ "meta": { "external_id": "T1547.013", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Linux:persistence", + "attack-Linux:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -12139,7 +12663,7 @@ "meta": { "external_id": "T1280", "kill_chain": [ - "mitre-pre-attack:organizational-information-gathering" + "pre-attack:organizational-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1280" 
@@ -12153,7 +12677,10 @@ "meta": { "external_id": "T1033", "kill_chain": [ - "mitre-attack:discovery" + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery", + "attack-Network:discovery" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Access", @@ -12186,7 +12713,8 @@ "meta": { "external_id": "T1408", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", @@ -12214,7 +12742,7 @@ "meta": { "external_id": "T1281", "kill_chain": [ - "mitre-pre-attack:organizational-information-gathering" + "pre-attack:organizational-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1281" @@ -12228,7 +12756,7 @@ "meta": { "external_id": "T1291", "kill_chain": [ - "mitre-pre-attack:technical-weakness-identification" + "pre-attack:technical-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1291", @@ -12243,7 +12771,7 @@ "meta": { "external_id": "T1226", "kill_chain": [ - "mitre-pre-attack:priority-definition-planning" + "pre-attack:priority-definition-planning" ], "refs": [ "https://attack.mitre.org/techniques/T1226" @@ -12257,7 +12785,7 @@ "meta": { "external_id": "T1229", "kill_chain": [ - "mitre-pre-attack:priority-definition-planning" + "pre-attack:priority-definition-planning" ], "refs": [ "https://attack.mitre.org/techniques/T1229" @@ -12271,7 +12799,7 @@ "meta": { "external_id": "T1245", "kill_chain": [ - "mitre-pre-attack:target-selection" + "pre-attack:target-selection" ], "refs": [ "https://attack.mitre.org/techniques/T1245" @@ -12285,7 +12813,7 @@ "meta": { "external_id": "T1257", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1257" 
@@ -12299,7 +12827,7 @@ "meta": { "external_id": "T1535", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-IaaS:defense-evasion" ], "mitre_data_sources": [ "Instance: Instance Creation", @@ -12321,7 +12849,7 @@ "meta": { "external_id": "T1593", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -12341,7 +12869,7 @@ "meta": { "external_id": "T1396", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1396", @@ -12358,7 +12886,9 @@ "meta": { "external_id": "T1010", "kill_chain": [ - "mitre-attack:discovery" + "attack-macOS:discovery", + "attack-Windows:discovery", + "attack-Linux:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -12384,7 +12914,9 @@ "meta": { "external_id": "T1003", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access", + "attack-Linux:credential-access", + "attack-macOS:credential-access" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Access", @@ -12425,7 +12957,7 @@ "meta": { "external_id": "T1004", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -12451,9 +12983,12 @@ "meta": { "external_id": "T1400", "kill_chain": [ - "mitre-mobile-attack:defense-evasion", - "mitre-mobile-attack:persistence", - "mitre-mobile-attack:impact" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion", + "mobile-attack-Android:persistence", + "mobile-attack-iOS:persistence", + "mobile-attack-Android:impact", + "mobile-attack-iOS:impact" ], "mitre_platforms": [ "Android", @@ -12480,7 +13015,9 @@ "meta": { "external_id": "T1500", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_platforms": [ "Linux", 
@@ -12507,7 +13044,8 @@ "meta": { "external_id": "T1006", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion", + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -12533,7 +13071,9 @@ "meta": { "external_id": "T1007", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery", + "attack-macOS:discovery", + "attack-Linux:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -12557,7 +13097,11 @@ "meta": { "external_id": "T1080", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Windows:lateral-movement", + "attack-Office-365:lateral-movement", + "attack-SaaS:lateral-movement", + "attack-Linux:lateral-movement", + "attack-macOS:lateral-movement" ], "mitre_data_sources": [ "File: File Creation", @@ -12585,7 +13129,7 @@ "meta": { "external_id": "T1101", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -12610,7 +13154,9 @@ "meta": { "external_id": "T1120", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery", + "attack-macOS:discovery", + "attack-Linux:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -12636,7 +13182,11 @@ "meta": { "external_id": "T1201", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery", + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-IaaS:discovery", + "attack-Network:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -12666,7 +13216,7 @@ "meta": { "external_id": "T1301", "kill_chain": [ - "mitre-pre-attack:organizational-weakness-identification" + "pre-attack:organizational-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1301" 
@@ -12680,7 +13230,9 @@ "meta": { "external_id": "T1130", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-Windows:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_platforms": [ "Linux", @@ -12713,7 +13265,7 @@ "meta": { "external_id": "T1031", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -12740,7 +13292,7 @@ "meta": { "external_id": "T1401", "kill_chain": [ - "mitre-mobile-attack:privilege-escalation" + "mobile-attack-Android:privilege-escalation" ], "mitre_platforms": [ "Android" @@ -12765,7 +13317,10 @@ "meta": { "external_id": "T1105", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Command: Command Execution", @@ -12797,7 +13352,9 @@ "meta": { "external_id": "T1061", "kill_chain": [ - "mitre-attack:execution" + "attack-Linux:execution", + "attack-macOS:execution", + "attack-Windows:execution" ], "mitre_platforms": [ "Linux", @@ -12817,7 +13374,7 @@ "meta": { "external_id": "T1601", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "File: File Modification" @@ -12839,7 +13396,9 @@ "meta": { "external_id": "T1017", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Linux:lateral-movement", + "attack-macOS:lateral-movement", + "attack-Windows:lateral-movement" ], "mitre_platforms": [ "Linux", @@ -12865,7 +13424,10 @@ "meta": { "external_id": "T1071", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", 
@@ -12891,7 +13453,10 @@ "meta": { "external_id": "T1081", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access", + "attack-IaaS:credential-access", + "attack-Linux:credential-access", + "attack-macOS:credential-access" ], "mitre_platforms": [ "Windows", @@ -12921,7 +13486,10 @@ "meta": { "external_id": "T1018", "kill_chain": [ - "mitre-attack:discovery" + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery", + "attack-Network:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -12950,7 +13518,7 @@ "meta": { "external_id": "T1202", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -12974,7 +13542,7 @@ "meta": { "external_id": "T1220", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Module: Module Load", @@ -13002,7 +13570,9 @@ "meta": { "external_id": "T1032", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_platforms": [ "Linux", @@ -13031,7 +13601,7 @@ "meta": { "external_id": "T1230", "kill_chain": [ - "mitre-pre-attack:priority-definition-planning" + "pre-attack:priority-definition-planning" ], "refs": [ "https://attack.mitre.org/techniques/T1230" @@ -13045,7 +13615,9 @@ "meta": { "external_id": "T1024", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_platforms": [ "Linux", @@ -13073,7 +13645,8 @@ "meta": { "external_id": "T1520", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", 
@@ -13099,8 +13672,8 @@ "meta": { "external_id": "T1502", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_platforms": [ "Windows" @@ -13130,7 +13703,9 @@ "meta": { "external_id": "T1620", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion", + "attack-Linux:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Module: Module Load", @@ -13163,7 +13738,7 @@ "meta": { "external_id": "T1207", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Creation", @@ -13191,8 +13766,16 @@ "meta": { "external_id": "T1072", "kill_chain": [ - "mitre-attack:execution", - "mitre-attack:lateral-movement" + "attack-Linux:execution", + "attack-macOS:execution", + "attack-Windows:execution", + "attack-Network:execution", + "attack-SaaS:execution", + "attack-Linux:lateral-movement", + "attack-macOS:lateral-movement", + "attack-Windows:lateral-movement", + "attack-Network:lateral-movement", + "attack-SaaS:lateral-movement" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -13220,7 +13803,11 @@ "meta": { "external_id": "T1082", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery", + "attack-IaaS:discovery", + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Network:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -13252,8 +13839,8 @@ "meta": { "external_id": "T1028", "kill_chain": [ - "mitre-attack:execution", - "mitre-attack:lateral-movement" + "attack-Windows:execution", + "attack-Windows:lateral-movement" ], "mitre_platforms": [ "Windows" 
@@ -13280,7 +13867,9 @@ "meta": { "external_id": "T1043", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_platforms": [ "Linux", @@ -13300,7 +13889,7 @@ "meta": { "external_id": "T1305", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1305" @@ -13314,7 +13903,8 @@ "meta": { "external_id": "T1063", "kill_chain": [ - "mitre-attack:discovery" + "attack-macOS:discovery", + "attack-Windows:discovery" ], "mitre_platforms": [ "macOS", @@ -13338,7 +13928,7 @@ "meta": { "external_id": "T1360", "kill_chain": [ - "mitre-pre-attack:test-capabilities" + "pre-attack:test-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1360" @@ -13352,8 +13942,8 @@ "meta": { "external_id": "T1405", "kill_chain": [ - "mitre-mobile-attack:credential-access", - "mitre-mobile-attack:privilege-escalation" + "mobile-attack-Android:credential-access", + "mobile-attack-Android:privilege-escalation" ], "mitre_platforms": [ "Android" @@ -13375,7 +13965,7 @@ "meta": { "external_id": "T1640", "kill_chain": [ - "mitre-mobile-attack:impact" + "mobile-attack-Android:impact" ], "mitre_platforms": [ "Android" @@ -13392,7 +13982,12 @@ "meta": { "external_id": "T1046", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery", + "attack-IaaS:discovery", + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Containers:discovery", + "attack-Network:discovery" ], "mitre_data_sources": [ "Cloud Service: Cloud Service Enumeration", @@ -13422,7 +14017,7 @@ "meta": { "external_id": "T1604", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" 
@@ -13440,7 +14035,7 @@ "meta": { "external_id": "T1047", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution" ], "mitre_data_sources": [ "Command: Command Execution", @@ -13468,7 +14063,8 @@ "meta": { "external_id": "T1409", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection" ], "mitre_platforms": [ "Android", @@ -13488,7 +14084,12 @@ "meta": { "external_id": "T1490", "kill_chain": [ - "mitre-attack:impact" + "attack-Windows:impact", + "attack-macOS:impact", + "attack-Linux:impact", + "attack-Network:impact", + "attack-IaaS:impact", + "attack-Containers:impact" ], "mitre_data_sources": [ "Cloud Storage: Cloud Storage Deletion", @@ -13527,7 +14128,10 @@ "meta": { "external_id": "T1505", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Network:persistence" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -13557,7 +14161,9 @@ "meta": { "external_id": "T1560", "kill_chain": [ - "mitre-attack:collection" + "attack-Linux:collection", + "attack-macOS:collection", + "attack-Windows:collection" ], "mitre_data_sources": [ "Command: Command Execution", @@ -13584,8 +14190,10 @@ "meta": { "external_id": "T1506", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:lateral-movement" + "attack-Office-365:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-Office-365:lateral-movement", + "attack-SaaS:lateral-movement" ], "mitre_platforms": [ "Office 365", @@ -13611,7 +14219,9 @@ "meta": { "external_id": "T1065", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_platforms": [ "Linux", 
@@ -13637,7 +14247,7 @@ "meta": { "external_id": "T1507", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection" ], "mitre_platforms": [ "Android" @@ -13660,7 +14270,7 @@ "meta": { "external_id": "T1075", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Windows:lateral-movement" ], "mitre_platforms": [ "Windows" @@ -13685,7 +14295,9 @@ "meta": { "external_id": "T1570", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Linux:lateral-movement", + "attack-macOS:lateral-movement", + "attack-Windows:lateral-movement" ], "mitre_data_sources": [ "Command: Command Execution", @@ -13716,7 +14328,7 @@ "meta": { "external_id": "T1508", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" @@ -13742,7 +14354,7 @@ "meta": { "external_id": "T1580", "kill_chain": [ - "mitre-attack:discovery" + "attack-IaaS:discovery" ], "mitre_data_sources": [ "Cloud Storage: Cloud Storage Enumeration", @@ -13775,7 +14387,14 @@ "meta": { "external_id": "T1606", "kill_chain": [ - "mitre-attack:credential-access" + "attack-SaaS:credential-access", + "attack-Windows:credential-access", + "attack-macOS:credential-access", + "attack-Linux:credential-access", + "attack-Azure-AD:credential-access", + "attack-Office-365:credential-access", + "attack-Google-Workspace:credential-access", + "attack-IaaS:credential-access" ], "mitre_data_sources": [ "Logon Session: Logon Session Creation", @@ -13810,7 +14429,7 @@ "meta": { "external_id": "T1076", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Windows:lateral-movement" ], "mitre_platforms": [ "Windows" @@ -13839,7 +14458,7 @@ "meta": { "external_id": "T1609", "kill_chain": [ - "mitre-attack:execution" + "attack-Containers:execution" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -13866,7 +14485,7 @@ "meta": { "external_id": "T1096", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_platforms": [ "Windows" @@ -13898,7 +14517,15 @@ "meta": { "external_id": "T1069", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery", + "attack-Azure-AD:discovery", + "attack-Office-365:discovery", + "attack-SaaS:discovery", + "attack-IaaS:discovery", + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Google-Workspace:discovery", + "attack-Containers:discovery" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -13932,7 +14559,7 @@ "meta": { "external_id": "T1077", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Windows:lateral-movement" ], "mitre_platforms": [ "Windows" @@ -13963,7 +14590,7 @@ "meta": { "external_id": "T1097", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Windows:lateral-movement" ], "mitre_platforms": [ "Windows" @@ -13991,7 +14618,9 @@ "meta": { "external_id": "T1089", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_platforms": [ "Linux", @@ -14017,8 +14646,10 @@ "meta": { "external_id": "T1151", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:execution" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Linux:execution", + "attack-macOS:execution" ], "mitre_platforms": [ "Linux", @@ -14044,7 +14675,9 @@ "meta": { "external_id": "T1611", "kill_chain": [ - "mitre-attack:privilege-escalation" + "attack-Windows:privilege-escalation", + "attack-Linux:privilege-escalation", + "attack-Containers:privilege-escalation" ], "mitre_data_sources": [ "Container: Container Creation", 
@@ -14078,7 +14711,7 @@ "meta": { "external_id": "T1231", "kill_chain": [ - "mitre-pre-attack:priority-definition-planning" + "pre-attack:priority-definition-planning" ], "refs": [ "https://attack.mitre.org/techniques/T1231" @@ -14092,8 +14725,10 @@ "meta": { "external_id": "T1412", "kill_chain": [ - "mitre-mobile-attack:collection", - "mitre-mobile-attack:credential-access" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection", + "mobile-attack-Android:credential-access", + "mobile-attack-iOS:credential-access" ], "mitre_platforms": [ "Android", @@ -14117,7 +14752,7 @@ "meta": { "external_id": "T1214", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_platforms": [ "Windows" @@ -14141,7 +14776,10 @@ "meta": { "external_id": "T1124", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery", + "attack-Network:discovery", + "attack-Linux:discovery", + "attack-macOS:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -14178,7 +14816,7 @@ "meta": { "external_id": "T1241", "kill_chain": [ - "mitre-pre-attack:target-selection" + "pre-attack:target-selection" ], "refs": [ "https://attack.mitre.org/techniques/T1241" @@ -14192,7 +14830,9 @@ "meta": { "external_id": "T1217", "kill_chain": [ - "mitre-attack:discovery" + "attack-Linux:discovery", + "attack-Windows:discovery", + "attack-macOS:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -14218,7 +14858,7 @@ "meta": { "external_id": "T1128", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -14244,7 +14884,9 @@ "meta": { "external_id": "T1219", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-Windows:command-and-control", + "attack-macOS:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", 
@@ -14274,8 +14916,14 @@ "meta": { "external_id": "T1133", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:initial-access" + "attack-Windows:persistence", + "attack-Linux:persistence", + "attack-Containers:persistence", + "attack-macOS:persistence", + "attack-Windows:initial-access", + "attack-Linux:initial-access", + "attack-Containers:initial-access", + "attack-macOS:initial-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -14306,7 +14954,7 @@ "meta": { "external_id": "T1313", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1313" @@ -14320,8 +14968,8 @@ "meta": { "external_id": "T1134", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Modification", @@ -14352,7 +15000,11 @@ "meta": { "external_id": "T1531", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact", + "attack-Office-365:impact", + "attack-SaaS:impact" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Modification", @@ -14380,7 +15032,9 @@ "meta": { "external_id": "T1135", "kill_chain": [ - "mitre-attack:discovery" + "attack-macOS:discovery", + "attack-Windows:discovery", + "attack-Linux:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -14406,7 +15060,8 @@ "meta": { "external_id": "T1137", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence", + "attack-Office-365:persistence" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -14440,7 +15095,7 @@ "meta": { "external_id": "T1173", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution" ], "mitre_platforms": [ "Windows" 
@@ -14471,7 +15126,7 @@ "meta": { "external_id": "T1318", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1318" @@ -14485,7 +15140,8 @@ "meta": { "external_id": "T1451", "kill_chain": [ - "mitre-mobile-attack:network-effects" + "mobile-attack-Android:network-effects", + "mobile-attack-iOS:network-effects" ], "mitre_platforms": [ "Android", @@ -14511,7 +15167,7 @@ "meta": { "external_id": "T1415", "kill_chain": [ - "mitre-mobile-attack:credential-access" + "mobile-attack-iOS:credential-access" ], "mitre_platforms": [ "iOS" @@ -14534,7 +15190,8 @@ "meta": { "external_id": "T1146", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_platforms": [ "Linux", @@ -14558,7 +15215,10 @@ "meta": { "external_id": "T1614", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery", + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-IaaS:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -14589,7 +15249,7 @@ "meta": { "external_id": "T1174", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_platforms": [ "Windows" @@ -14614,7 +15274,7 @@ "meta": { "external_id": "T1419", "kill_chain": [ - "mitre-mobile-attack:discovery" + "mobile-attack-Android:discovery" ], "mitre_platforms": [ "Android" @@ -14633,7 +15293,9 @@ "meta": { "external_id": "T1194", "kill_chain": [ - "mitre-attack:initial-access" + "attack-Windows:initial-access", + "attack-macOS:initial-access", + "attack-Linux:initial-access" ], "mitre_platforms": [ "Windows", @@ -14659,7 +15321,7 @@ "meta": { "external_id": "T1651", "kill_chain": [ - "mitre-attack:execution" + "attack-IaaS:execution" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -14684,7 +15346,7 @@ "meta": { "external_id": "T1615", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Access", @@ -14712,7 +15374,8 @@ "meta": { "external_id": "T1156", "kill_chain": [ - "mitre-attack:persistence" + "attack-Linux:persistence", + "attack-macOS:persistence" ], "mitre_platforms": [ "Linux", @@ -14737,7 +15400,7 @@ "meta": { "external_id": "T1185", "kill_chain": [ - "mitre-attack:collection" + "attack-Windows:collection" ], "mitre_data_sources": [ "Logon Session: Logon Session Creation", @@ -14763,7 +15426,9 @@ "meta": { "external_id": "T1195", "kill_chain": [ - "mitre-attack:initial-access" + "attack-Linux:initial-access", + "attack-Windows:initial-access", + "attack-macOS:initial-access" ], "mitre_data_sources": [ "File: File Metadata", @@ -14793,8 +15458,10 @@ "meta": { "external_id": "T1166", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Linux:persistence", + "attack-macOS:persistence" ], "mitre_platforms": [ "Linux", @@ -14820,8 +15487,10 @@ "meta": { "external_id": "T1168", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:execution" + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Linux:execution", + "attack-macOS:execution" ], "mitre_platforms": [ "Linux", @@ -14851,8 +15520,8 @@ "meta": { "external_id": "T1196", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:execution" + "attack-Windows:defense-evasion", + "attack-Windows:execution" ], "mitre_platforms": [ "Windows" @@ -14879,7 +15548,7 @@ "meta": { "external_id": "T1352", "kill_chain": [ - "mitre-pre-attack:build-capabilities" + "pre-attack:build-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1352" 
@@ -14893,8 +15562,8 @@ "meta": { "external_id": "T1223", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:execution" + "attack-Windows:defense-evasion", + "attack-Windows:execution" ], "mitre_platforms": [ "Windows" @@ -14922,7 +15591,7 @@ "meta": { "external_id": "T1232", "kill_chain": [ - "mitre-pre-attack:priority-definition-planning" + "pre-attack:priority-definition-planning" ], "refs": [ "https://attack.mitre.org/techniques/T1232" @@ -14936,7 +15605,7 @@ "meta": { "external_id": "T1242", "kill_chain": [ - "mitre-pre-attack:target-selection" + "pre-attack:target-selection" ], "refs": [ "https://attack.mitre.org/techniques/T1242" @@ -14950,7 +15619,7 @@ "meta": { "external_id": "T1225", "kill_chain": [ - "mitre-pre-attack:priority-definition-planning" + "pre-attack:priority-definition-planning" ], "refs": [ "https://attack.mitre.org/techniques/T1225" @@ -14964,7 +15633,7 @@ "meta": { "external_id": "T1252", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1252" @@ -14978,7 +15647,7 @@ "meta": { "external_id": "T1262", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1262" @@ -14992,7 +15661,7 @@ "meta": { "external_id": "T1272", "kill_chain": [ - "mitre-pre-attack:people-information-gathering" + "pre-attack:people-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1272" @@ -15012,7 +15681,7 @@ "meta": { "external_id": "T1282", "kill_chain": [ - "mitre-pre-attack:organizational-information-gathering" + "pre-attack:organizational-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1282" 
@@ -15026,7 +15695,7 @@ "meta": { "external_id": "T1292", "kill_chain": [ - "mitre-pre-attack:technical-weakness-identification" + "pre-attack:technical-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1292" @@ -15040,7 +15709,8 @@ "meta": { "external_id": "T1432", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection" ], "mitre_platforms": [ "Android", @@ -15065,7 +15735,8 @@ "meta": { "external_id": "T1423", "kill_chain": [ - "mitre-mobile-attack:discovery" + "mobile-attack-Android:discovery", + "mobile-attack-iOS:discovery" ], "mitre_platforms": [ "Android", @@ -15083,7 +15754,8 @@ "meta": { "external_id": "T1532", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection" ], "mitre_platforms": [ "Android", @@ -15101,8 +15773,10 @@ "meta": { "external_id": "T1523", "kill_chain": [ - "mitre-mobile-attack:defense-evasion", - "mitre-mobile-attack:discovery" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion", + "mobile-attack-Android:discovery", + "mobile-attack-iOS:discovery" ], "mitre_platforms": [ "Android", @@ -15132,7 +15806,7 @@ "meta": { "external_id": "T1253", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1253" @@ -15146,7 +15820,7 @@ "meta": { "external_id": "T1325", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1325", @@ -15162,7 +15836,8 @@ "meta": { "external_id": "T1632", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", 
@@ -15181,7 +15856,7 @@ "meta": { "external_id": "T1326", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1326", @@ -15196,7 +15871,7 @@ "meta": { "external_id": "T1273", "kill_chain": [ - "mitre-pre-attack:people-information-gathering" + "pre-attack:people-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1273" @@ -15210,7 +15885,7 @@ "meta": { "external_id": "T1328", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1328" @@ -15224,7 +15899,7 @@ "meta": { "external_id": "T1283", "kill_chain": [ - "mitre-pre-attack:organizational-information-gathering" + "pre-attack:organizational-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1283" @@ -15261,7 +15936,7 @@ "meta": { "external_id": "T1254", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1254" @@ -15275,7 +15950,8 @@ "meta": { "external_id": "T1426", "kill_chain": [ - "mitre-mobile-attack:discovery" + "mobile-attack-Android:discovery", + "mobile-attack-iOS:discovery" ], "mitre_platforms": [ "Android", @@ -15295,7 +15971,7 @@ "meta": { "external_id": "T1624", "kill_chain": [ - "mitre-mobile-attack:persistence" + "mobile-attack-Android:persistence" ], "mitre_platforms": [ "Android" @@ -15312,7 +15988,7 @@ "meta": { "external_id": "T1246", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1246" @@ -15336,7 +16012,7 @@ "meta": { "external_id": "T1482", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -15365,7 +16041,7 @@ "meta": { "external_id": "T1249", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1249" @@ -15389,7 +16065,9 @@ "meta": { "external_id": "T1492", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact" ], "mitre_platforms": [ "Linux", @@ -15416,7 +16094,8 @@ "meta": { "external_id": "T1525", "kill_chain": [ - "mitre-attack:persistence" + "attack-IaaS:persistence", + "attack-Containers:persistence" ], "mitre_data_sources": [ "Image: Image Creation", @@ -15441,7 +16120,11 @@ "meta": { "external_id": "T1526", "kill_chain": [ - "mitre-attack:discovery" + "attack-Azure-AD:discovery", + "attack-Office-365:discovery", + "attack-SaaS:discovery", + "attack-IaaS:discovery", + "attack-Google-Workspace:discovery" ], "mitre_data_sources": [ "Cloud Service: Cloud Service Enumeration" @@ -15469,7 +16152,9 @@ "meta": { "external_id": "T1652", "kill_chain": [ - "mitre-attack:discovery" + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -15500,7 +16185,7 @@ "meta": { "external_id": "T1625", "kill_chain": [ - "mitre-mobile-attack:persistence" + "mobile-attack-Android:persistence" ], "mitre_platforms": [ "Android" @@ -15518,7 +16203,7 @@ "meta": { "external_id": "T1265", "kill_chain": [ - "mitre-pre-attack:people-information-gathering" + "pre-attack:people-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1265" @@ -15542,8 +16227,10 @@ "meta": { "external_id": "T1527", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:lateral-movement" + "attack-SaaS:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-SaaS:lateral-movement", + "attack-Office-365:lateral-movement" ], "mitre_platforms": [ "SaaS", 
@@ -15571,7 +16258,7 @@ "meta": { "external_id": "T1258", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1258" @@ -15585,7 +16272,7 @@ "meta": { "external_id": "T1276", "kill_chain": [ - "mitre-pre-attack:organizational-information-gathering" + "pre-attack:organizational-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1276" @@ -15609,7 +16296,7 @@ "meta": { "external_id": "T1268", "kill_chain": [ - "mitre-pre-attack:people-information-gathering" + "pre-attack:people-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1268" @@ -15633,7 +16320,7 @@ "meta": { "external_id": "T1296", "kill_chain": [ - "mitre-pre-attack:people-weakness-identification" + "pre-attack:people-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1296" @@ -15647,7 +16334,7 @@ "meta": { "external_id": "T1287", "kill_chain": [ - "mitre-pre-attack:technical-weakness-identification" + "pre-attack:technical-weakness-identification" ], "refs": [ "https://attack.mitre.org/techniques/T1287" @@ -15661,7 +16348,7 @@ "meta": { "external_id": "T1279", "kill_chain": [ - "mitre-pre-attack:organizational-information-gathering" + "pre-attack:organizational-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1279" @@ -15685,7 +16372,8 @@ "meta": { "external_id": "T1433", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection" ], "mitre_platforms": [ "Android", @@ -15710,7 +16398,7 @@ "meta": { "external_id": "T1339", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1339" 
@@ -15741,10 +16429,10 @@ "meta": { "external_id": "T1453", "kill_chain": [ - "mitre-mobile-attack:collection", - "mitre-mobile-attack:credential-access", - "mitre-mobile-attack:impact", - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:collection", + "mobile-attack-Android:credential-access", + "mobile-attack-Android:impact", + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" @@ -15764,7 +16452,8 @@ "meta": { "external_id": "T1435", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection" ], "mitre_platforms": [ "Android", @@ -15789,7 +16478,7 @@ "meta": { "external_id": "T1345", "kill_chain": [ - "mitre-pre-attack:build-capabilities" + "pre-attack:build-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1345" @@ -15803,7 +16492,8 @@ "meta": { "external_id": "T1463", "kill_chain": [ - "mitre-mobile-attack:network-effects" + "mobile-attack-Android:network-effects", + "mobile-attack-iOS:network-effects" ], "mitre_platforms": [ "Android", @@ -15829,8 +16519,10 @@ "meta": { "external_id": "T1436", "kill_chain": [ - "mitre-mobile-attack:command-and-control", - "mitre-mobile-attack:exfiltration" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control", + "mobile-attack-Android:exfiltration", + "mobile-attack-iOS:exfiltration" ], "mitre_platforms": [ "Android", @@ -15848,7 +16540,8 @@ "meta": { "external_id": "T1437", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -15867,7 +16560,9 @@ "meta": { "external_id": "T1483", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_platforms": [ "Linux", 
@@ -15902,7 +16597,9 @@ "meta": { "external_id": "T1493", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact" ], "mitre_platforms": [ "Linux", @@ -15929,7 +16626,9 @@ "meta": { "external_id": "T1553", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Linux:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -15961,7 +16660,7 @@ "meta": { "external_id": "T1536", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-IaaS:defense-evasion" ], "mitre_platforms": [ "IaaS" @@ -15986,7 +16685,7 @@ "meta": { "external_id": "T1356", "kill_chain": [ - "mitre-pre-attack:test-capabilities" + "pre-attack:test-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1356" @@ -16000,7 +16699,11 @@ "meta": { "external_id": "T1538", "kill_chain": [ - "mitre-attack:discovery" + "attack-Azure-AD:discovery", + "attack-Office-365:discovery", + "attack-IaaS:discovery", + "attack-Google-Workspace:discovery", + "attack-SaaS:discovery" ], "mitre_data_sources": [ "Logon Session: Logon Session Creation", @@ -16027,7 +16730,8 @@ "meta": { "external_id": "T1663", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -16045,7 +16749,8 @@ "meta": { "external_id": "T1636", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection" ], "mitre_platforms": [ "Android", @@ -16064,7 +16769,7 @@ "meta": { "external_id": "T1379", "kill_chain": [ - "mitre-pre-attack:stage-capabilities" + "pre-attack:stage-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1379" 
@@ -16078,7 +16783,7 @@ "meta": { "external_id": "T1397", "kill_chain": [ - "mitre-pre-attack:technical-information-gathering" + "pre-attack:technical-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1397" @@ -16092,7 +16797,8 @@ "meta": { "external_id": "T1544", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -16110,7 +16816,7 @@ "meta": { "external_id": "T1454", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection" ], "mitre_platforms": [ "Android" @@ -16128,7 +16834,8 @@ "meta": { "external_id": "T1474", "kill_chain": [ - "mitre-mobile-attack:initial-access" + "mobile-attack-Android:initial-access", + "mobile-attack-iOS:initial-access" ], "mitre_platforms": [ "Android", @@ -16171,8 +16878,8 @@ "meta": { "external_id": "T1447", "kill_chain": [ - "mitre-mobile-attack:impact", - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:impact", + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" @@ -16196,7 +16903,7 @@ "meta": { "external_id": "T1448", "kill_chain": [ - "mitre-mobile-attack:impact" + "mobile-attack-Android:impact" ], "mitre_platforms": [ "Android" @@ -16221,7 +16928,9 @@ "meta": { "external_id": "T1494", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact" ], "mitre_platforms": [ "Linux", 
@@ -16265,8 +16974,18 @@ "meta": { "external_id": "T1546", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Windows:privilege-escalation", + "attack-SaaS:privilege-escalation", + "attack-IaaS:privilege-escalation", + "attack-Office-365:privilege-escalation", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:persistence", + "attack-SaaS:persistence", + "attack-IaaS:persistence", + "attack-Office-365:persistence" ], "mitre_data_sources": [ "Cloud Service: Cloud Service Modification", @@ -16322,9 +17041,15 @@ "meta": { "external_id": "T1574", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:persistence", + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Windows:privilege-escalation", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -16353,7 +17078,7 @@ "meta": { "external_id": "T1647", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -16378,7 +17103,9 @@ "meta": { "external_id": "T1487", "kill_chain": [ - "mitre-attack:impact" + "attack-Windows:impact", + "attack-macOS:impact", + "attack-Linux:impact" ], "mitre_platforms": [ "Windows", @@ -16408,7 +17135,9 @@ "meta": { "external_id": "T1488", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact" ], "mitre_platforms": [ "Linux", 
@@ -16436,9 +17165,33 @@ "meta": { "external_id": "T1556", "kill_chain": [ - "mitre-attack:credential-access", - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Windows:credential-access", + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Network:credential-access", + "attack-Azure-AD:credential-access", + "attack-Google-Workspace:credential-access", + "attack-IaaS:credential-access", + "attack-Office-365:credential-access", + "attack-SaaS:credential-access", + "attack-Windows:defense-evasion", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Network:defense-evasion", + "attack-Azure-AD:defense-evasion", + "attack-Google-Workspace:defense-evasion", + "attack-IaaS:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-Windows:persistence", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Network:persistence", + "attack-Azure-AD:persistence", + "attack-Google-Workspace:persistence", + "attack-IaaS:persistence", + "attack-Office-365:persistence", + "attack-SaaS:persistence" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Modification", @@ -16483,7 +17236,7 @@ "meta": { "external_id": "T1576", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" @@ -16507,7 +17260,7 @@ "meta": { "external_id": "T1577", "kill_chain": [ - "mitre-mobile-attack:persistence" + "mobile-attack-Android:persistence" ], "mitre_platforms": [ "Android" @@ -16526,7 +17279,7 @@ "meta": { "external_id": "T1597", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -16545,7 +17298,7 @@ "meta": { "external_id": "T1598", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Application Log: Application Log Content", 
@@ -16579,7 +17332,7 @@ "meta": { "external_id": "T1599", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -16601,9 +17354,9 @@ "meta": { "external_id": "T1053.001", "kill_chain": [ - "mitre-attack:execution", - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Linux:execution", + "attack-Linux:persistence", + "attack-Linux:privilege-escalation" ], "mitre_platforms": [ "Linux" @@ -16629,7 +17382,7 @@ "meta": { "external_id": "T1553.005", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Creation", @@ -16661,7 +17414,9 @@ "meta": { "external_id": "T1036.002", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Metadata" @@ -16692,7 +17447,10 @@ "meta": { "external_id": "T1090.003", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -16725,7 +17483,9 @@ "meta": { "external_id": "T1102.003", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -16756,7 +17516,9 @@ "meta": { "external_id": "T1016.002", "kill_chain": [ - "mitre-attack:discovery" + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -16791,7 +17553,7 @@ "meta": { "external_id": "T1608.004", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -16820,7 +17582,9 @@ "meta": { "external_id": "T1132.002", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content" @@ -16851,8 +17615,8 @@ "meta": { "external_id": "T1134.005", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Modification", @@ -16886,7 +17650,8 @@ "meta": { "external_id": "T1481.003", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -16910,7 +17675,8 @@ "meta": { "external_id": "T1422.002", "kill_chain": [ - "mitre-mobile-attack:discovery" + "mobile-attack-Android:discovery", + "mobile-attack-iOS:discovery" ], "mitre_platforms": [ "Android", @@ -16934,9 +17700,9 @@ "meta": { "external_id": "T1574.002", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Creation", @@ -16966,7 +17732,7 @@ "meta": { "external_id": "T1558.004", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_data_sources": [ "Active Directory: Active Directory Credential Request" 
@@ -16999,8 +17765,8 @@ "meta": { "external_id": "T1547.007", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:persistence", + "attack-macOS:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -17030,9 +17796,30 @@ "meta": { "external_id": "T1556.006", "kill_chain": [ - "mitre-attack:credential-access", - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Windows:credential-access", + "attack-Azure-AD:credential-access", + "attack-Office-365:credential-access", + "attack-SaaS:credential-access", + "attack-IaaS:credential-access", + "attack-Google-Workspace:credential-access", + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Windows:defense-evasion", + "attack-Azure-AD:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-IaaS:defense-evasion", + "attack-Google-Workspace:defense-evasion", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:persistence", + "attack-Azure-AD:persistence", + "attack-Office-365:persistence", + "attack-SaaS:persistence", + "attack-IaaS:persistence", + "attack-Google-Workspace:persistence", + "attack-Linux:persistence", + "attack-macOS:persistence" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Modification", @@ -17072,7 +17859,7 @@ "meta": { "external_id": "T1346", "kill_chain": [ - "mitre-pre-attack:build-capabilities" + "pre-attack:build-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1346" @@ -17086,7 +17873,9 @@ "meta": { "external_id": "T1104", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", 
@@ -17109,7 +17898,7 @@ "meta": { "external_id": "T1073", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_platforms": [ "Windows" @@ -17135,7 +17924,8 @@ "meta": { "external_id": "T1605", "kill_chain": [ - "mitre-mobile-attack:execution" + "mobile-attack-Android:execution", + "mobile-attack-iOS:execution" ], "mitre_platforms": [ "Android", @@ -17159,7 +17949,8 @@ "meta": { "external_id": "T1509", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -17177,7 +17968,7 @@ "meta": { "external_id": "T1164", "kill_chain": [ - "mitre-attack:persistence" + "attack-macOS:persistence" ], "mitre_platforms": [ "macOS" @@ -17201,7 +17992,9 @@ "meta": { "external_id": "T1571", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -17228,7 +18021,7 @@ "meta": { "external_id": "T1178", "kill_chain": [ - "mitre-attack:privilege-escalation" + "attack-Windows:privilege-escalation" ], "mitre_platforms": [ "Windows" @@ -17257,7 +18050,9 @@ "meta": { "external_id": "T1188", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_platforms": [ "Linux", @@ -17282,7 +18077,10 @@ "meta": { "external_id": "T1189", "kill_chain": [ - "mitre-attack:initial-access" + "attack-Windows:initial-access", + "attack-Linux:initial-access", + "attack-macOS:initial-access", + "attack-SaaS:initial-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", 
@@ -17311,8 +18109,14 @@ "meta": { "external_id": "T1542", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Linux:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Network:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Linux:persistence", + "attack-Windows:persistence", + "attack-Network:persistence", + "attack-macOS:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -17342,7 +18146,8 @@ "meta": { "external_id": "T1456", "kill_chain": [ - "mitre-mobile-attack:initial-access" + "mobile-attack-Android:initial-access", + "mobile-attack-iOS:initial-access" ], "mitre_platforms": [ "Android", @@ -17362,7 +18167,9 @@ "meta": { "external_id": "T1559", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution", + "attack-macOS:execution", + "attack-Linux:execution" ], "mitre_data_sources": [ "Module: Module Load", @@ -17389,8 +18196,8 @@ "meta": { "external_id": "T1134.001", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -17419,7 +18226,9 @@ "meta": { "external_id": "T1027.013", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Creation", @@ -17450,7 +18259,7 @@ "meta": { "external_id": "T1596.001", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -17475,7 +18284,9 @@ "meta": { "external_id": "T1564.012", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Creation" 
@@ -17504,7 +18315,9 @@ "meta": { "external_id": "T1001.001", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content" @@ -17534,7 +18347,8 @@ "meta": { "external_id": "T1020.001", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Network:exfiltration", + "attack-IaaS:exfiltration" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -17569,7 +18383,7 @@ "meta": { "external_id": "T1003.001", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -17608,7 +18422,9 @@ "meta": { "external_id": "T1001.003", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-Windows:command-and-control", + "attack-macOS:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content" @@ -17637,7 +18453,10 @@ "meta": { "external_id": "T1090.001", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -17670,7 +18489,10 @@ "meta": { "external_id": "T1090.002", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -17703,7 +18525,7 @@ "meta": { "external_id": "T1003.004", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -17735,7 +18557,7 @@ "meta": { "external_id": "T1003.007", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -17767,7 +18589,9 @@ "meta": { "external_id": "T1070.004", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -17797,7 +18621,9 @@ "meta": { "external_id": "T1090.004", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content" @@ -17826,7 +18652,9 @@ "meta": { "external_id": "T1070.009", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -17864,7 +18692,16 @@ "meta": { "external_id": "T1110.001", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access", + "attack-Azure-AD:credential-access", + "attack-Office-365:credential-access", + "attack-SaaS:credential-access", + "attack-IaaS:credential-access", + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Google-Workspace:credential-access", + "attack-Containers:credential-access", + "attack-Network:credential-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", 
@@ -17903,7 +18740,12 @@ "meta": { "external_id": "T1110.002", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Windows:credential-access", + "attack-Office-365:credential-access", + "attack-Azure-AD:credential-access", + "attack-Network:credential-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -17937,7 +18779,16 @@ "meta": { "external_id": "T1110.003", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access", + "attack-Azure-AD:credential-access", + "attack-Office-365:credential-access", + "attack-SaaS:credential-access", + "attack-IaaS:credential-access", + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Google-Workspace:credential-access", + "attack-Containers:credential-access", + "attack-Network:credential-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -17976,7 +18827,16 @@ "meta": { "external_id": "T1110.004", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access", + "attack-Azure-AD:credential-access", + "attack-Office-365:credential-access", + "attack-SaaS:credential-access", + "attack-IaaS:credential-access", + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Google-Workspace:credential-access", + "attack-Containers:credential-access", + "attack-Network:credential-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -18013,7 +18873,10 @@ "meta": { "external_id": "T1071.001", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", 
@@ -18046,7 +18909,9 @@ "meta": { "external_id": "T1102.002", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -18077,7 +18942,9 @@ "meta": { "external_id": "T1204.001", "kill_chain": [ - "mitre-attack:execution" + "attack-Linux:execution", + "attack-macOS:execution", + "attack-Windows:execution" ], "mitre_data_sources": [ "File: File Creation", @@ -18107,9 +18974,18 @@ "meta": { "external_id": "T1205.001", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence", - "mitre-attack:command-and-control" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Network:defense-evasion", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:persistence", + "attack-Network:persistence", + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -18140,7 +19016,9 @@ "meta": { "external_id": "T1027.001", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Metadata" @@ -18171,7 +19049,9 @@ "meta": { "external_id": "T1027.010", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -18210,7 +19090,11 @@ "meta": { "external_id": "T1021.007", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Office-365:lateral-movement", + "attack-Azure-AD:lateral-movement", + "attack-SaaS:lateral-movement", + "attack-IaaS:lateral-movement", + "attack-Google-Workspace:lateral-movement" ], "mitre_data_sources": [ "Logon Session: Logon Session Creation" @@ -18240,7 +19124,10 @@ "meta": { "external_id": "T1071.003", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -18272,7 +19159,9 @@ "meta": { "external_id": "T1480.001", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -18308,7 +19197,7 @@ "meta": { "external_id": "T1590.001", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -18336,7 +19225,11 @@ "meta": { "external_id": "T1606.001", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Windows:credential-access", + "attack-SaaS:credential-access", + "attack-IaaS:credential-access" ], "mitre_data_sources": [ "Logon Session: Logon Session Creation", @@ -18370,7 +19263,7 @@ "meta": { "external_id": "T1608.001", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -18398,7 +19291,9 @@ "meta": { "external_id": "T1069.001", "kill_chain": [ - "mitre-attack:discovery" + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -18429,10 +19324,46 @@ "meta": { "external_id": "T1078.001", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:initial-access" + "attack-Windows:defense-evasion", + "attack-Azure-AD:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-IaaS:defense-evasion", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Google-Workspace:defense-evasion", + "attack-Containers:defense-evasion", + "attack-Network:defense-evasion", + "attack-Windows:persistence", + "attack-Azure-AD:persistence", + "attack-Office-365:persistence", + "attack-SaaS:persistence", + "attack-IaaS:persistence", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Google-Workspace:persistence", + "attack-Containers:persistence", + "attack-Network:persistence", + "attack-Windows:privilege-escalation", + "attack-Azure-AD:privilege-escalation", + "attack-Office-365:privilege-escalation", + "attack-SaaS:privilege-escalation", + "attack-IaaS:privilege-escalation", + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Google-Workspace:privilege-escalation", + "attack-Containers:privilege-escalation", + "attack-Network:privilege-escalation", + "attack-Windows:initial-access", + "attack-Azure-AD:initial-access", + "attack-Office-365:initial-access", + "attack-SaaS:initial-access", + "attack-IaaS:initial-access", + "attack-Linux:initial-access", + "attack-macOS:initial-access", + "attack-Google-Workspace:initial-access", + "attack-Containers:initial-access", + "attack-Network:initial-access" ], "mitre_data_sources": [ "Logon Session: Logon Session Creation", @@ -18472,7 +19403,9 @@ "meta": { "external_id": "T1087.001", "kill_chain": [ - "mitre-attack:discovery" + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -18508,7 +19441,9 @@ "meta": { "external_id": "T1204.002", "kill_chain": [ - "mitre-attack:execution" + "attack-Linux:execution", + "attack-macOS:execution", + "attack-Windows:execution" ], "mitre_data_sources": [ "File: File Creation", @@ -18538,9 +19473,15 @@ "meta": { "external_id": "T1205.002", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence", - "mitre-attack:command-and-control" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:persistence", + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -18573,7 +19514,9 @@ "meta": { "external_id": "T1027.002", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Linux:defense-evasion" ], "mitre_data_sources": [ "File: File Metadata" @@ -18603,7 +19546,8 @@ "meta": { "external_id": "T1204.003", "kill_chain": [ - "mitre-attack:execution" + "attack-IaaS:execution", + "attack-Containers:execution" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -18638,7 +19582,7 @@ "meta": { "external_id": "T1630.002", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" @@ -18662,8 +19606,8 @@ "meta": { "external_id": "T1037.002", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:persistence", + "attack-macOS:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -18696,7 +19640,8 @@ "meta": { "external_id": "T1406.002", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-iOS:defense-evasion", + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "iOS", 
@@ -18720,7 +19665,8 @@ "meta": { "external_id": "T1505.002", "kill_chain": [ - "mitre-attack:persistence" + "attack-Linux:persistence", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -18750,7 +19696,12 @@ "meta": { "external_id": "T1606.002", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Azure-AD:credential-access", + "attack-SaaS:credential-access", + "attack-Windows:credential-access", + "attack-Office-365:credential-access", + "attack-Google-Workspace:credential-access", + "attack-IaaS:credential-access" ], "mitre_data_sources": [ "Logon Session: Logon Session Creation", @@ -18791,7 +19742,9 @@ "meta": { "external_id": "T1027.006", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "File: File Creation" @@ -18823,7 +19776,7 @@ "meta": { "external_id": "T1608.002", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -18853,7 +19806,9 @@ "meta": { "external_id": "T1069.002", "kill_chain": [ - "mitre-attack:discovery" + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -18884,10 +19839,18 @@ "meta": { "external_id": "T1078.002", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:initial-access" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:persistence", + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Windows:privilege-escalation", + "attack-Linux:initial-access", + "attack-macOS:initial-access", + "attack-Windows:initial-access" ], "mitre_data_sources": [ "Logon Session: Logon Session Creation", @@ -18921,7 +19884,9 @@ "meta": { "external_id": "T1087.002", "kill_chain": [ - "mitre-attack:discovery" + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -18954,7 +19919,10 @@ "meta": { "external_id": "T1027.008", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion", + "attack-Linux:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "File: File Metadata" @@ -18986,7 +19954,9 @@ "meta": { "external_id": "T1027.009", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Linux:defense-evasion" ], "mitre_data_sources": [ "File: File Creation", @@ -19021,8 +19991,12 @@ "meta": { "external_id": "T1037.004", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:persistence", + "attack-Linux:persistence", + "attack-Network:persistence", + "attack-macOS:privilege-escalation", + "attack-Linux:privilege-escalation", + "attack-Network:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -19060,9 +20034,9 @@ "meta": { "external_id": "T1053.005", "kill_chain": [ - "mitre-attack:execution", - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:execution", + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -19103,7 +20077,10 @@ "meta": { "external_id": "T1505.003", "kill_chain": [ - "mitre-attack:persistence" + "attack-Linux:persistence", + "attack-Windows:persistence", + "attack-macOS:persistence", + "attack-Network:persistence" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -19141,9 +20118,9 @@ "meta": { "external_id": "T1053.006", "kill_chain": [ - "mitre-attack:execution", - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Linux:execution", + "attack-Linux:persistence", + "attack-Linux:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -19179,8 +20156,8 @@ "meta": { "external_id": "T1037.005", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:persistence", + "attack-macOS:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -19211,7 +20188,11 @@ "meta": { "external_id": "T1069.003", "kill_chain": [ - "mitre-attack:discovery" + "attack-Azure-AD:discovery", + "attack-Office-365:discovery", + "attack-SaaS:discovery", + "attack-IaaS:discovery", + "attack-Google-Workspace:discovery" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -19252,7 +20233,9 @@ "meta": { "external_id": "T1087.003", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery", + "attack-Office-365:discovery", + "attack-Google-Workspace:discovery" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -19285,10 +20268,26 @@ "meta": { "external_id": "T1078.003", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:initial-access" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Containers:defense-evasion", + "attack-Network:defense-evasion", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:persistence", + "attack-Containers:persistence", + "attack-Network:persistence", + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Windows:privilege-escalation", + "attack-Containers:privilege-escalation", + "attack-Network:privilege-escalation", + "attack-Linux:initial-access", + "attack-macOS:initial-access", + "attack-Windows:initial-access", + "attack-Containers:initial-access", + "attack-Network:initial-access" ], "mitre_data_sources": [ "Logon Session: Logon Session Creation", @@ -19320,7 +20319,7 @@ "meta": { "external_id": "T1505.004", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -19358,7 +20357,7 @@ "meta": { "external_id": "T1590.004", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -19382,7 +20381,9 @@ "meta": { "external_id": "T1059.004", "kill_chain": [ - "mitre-attack:execution" + "attack-macOS:execution", + "attack-Linux:execution", + "attack-Network:execution" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -19413,10 +20414,26 @@ "meta": { "external_id": "T1078.004", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:initial-access" + "attack-Azure-AD:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-IaaS:defense-evasion", + "attack-Google-Workspace:defense-evasion", + "attack-Azure-AD:persistence", + "attack-Office-365:persistence", + "attack-SaaS:persistence", + "attack-IaaS:persistence", + "attack-Google-Workspace:persistence", + "attack-Azure-AD:privilege-escalation", + "attack-Office-365:privilege-escalation", + "attack-SaaS:privilege-escalation", + "attack-IaaS:privilege-escalation", + "attack-Google-Workspace:privilege-escalation", + "attack-Azure-AD:initial-access", + "attack-Office-365:initial-access", + "attack-SaaS:initial-access", + "attack-IaaS:initial-access", + "attack-Google-Workspace:initial-access" ], "mitre_data_sources": [ "Logon Session: Logon Session Creation", @@ -19451,7 +20468,11 @@ "meta": { "external_id": "T1087.004", "kill_chain": [ - "mitre-attack:discovery" + "attack-Azure-AD:discovery", + "attack-Office-365:discovery", + "attack-SaaS:discovery", + "attack-IaaS:discovery", + "attack-Google-Workspace:discovery" ], "mitre_data_sources": [ "Command: Command Execution" @@ -19488,7 +20509,7 @@ "meta": { "external_id": "T1590.005", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -19514,7 +20535,9 @@ "meta": { "external_id": "T1059.005", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution", + "attack-macOS:execution", + "attack-Linux:execution" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -19551,8 +20574,8 @@ "meta": { "external_id": "T1055.009", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Linux:defense-evasion", + "attack-Linux:privilege-escalation" ], "mitre_data_sources": [ "File: File Modification" @@ -19581,7 +20604,7 @@ "meta": { "external_id": "T1608.005", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -19620,8 +20643,12 @@ "meta": { "external_id": "T1098.005", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Azure-AD:persistence", + "attack-Windows:persistence", + "attack-SaaS:persistence", + "attack-Azure-AD:privilege-escalation", + "attack-Windows:privilege-escalation", + "attack-SaaS:privilege-escalation" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Creation", @@ -19659,7 +20686,11 @@ "meta": { "external_id": "T1059.009", "kill_chain": [ - "mitre-attack:execution" + "attack-IaaS:execution", + "attack-Azure-AD:execution", + "attack-Office-365:execution", + "attack-SaaS:execution", + "attack-Google-Workspace:execution" ], "mitre_data_sources": [ "Command: Command Execution" @@ -19690,7 +20721,7 @@ "meta": { "external_id": "T1608.006", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -19721,7 +20752,9 @@ "meta": { "external_id": "T1132.001", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content" 
@@ -19752,7 +20785,8 @@ "meta": { "external_id": "T1521.001", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -19776,7 +20810,7 @@ "meta": { "external_id": "T1027.011", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "WMI: WMI Creation", @@ -19805,7 +20839,11 @@ "meta": { "external_id": "T1136.001", "kill_chain": [ - "mitre-attack:persistence" + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:persistence", + "attack-Network:persistence", + "attack-Containers:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -19840,7 +20878,9 @@ "meta": { "external_id": "T1491.001", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -19873,7 +20913,8 @@ "meta": { "external_id": "T1521.002", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -19897,7 +20938,7 @@ "meta": { "external_id": "T1218.002", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -19933,7 +20974,7 @@ "meta": { "external_id": "T1213.003", "kill_chain": [ - "mitre-attack:collection" + "attack-SaaS:collection" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -19962,7 +21003,8 @@ "meta": { "external_id": "T1521.003", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", 
@@ -19986,7 +21028,9 @@ "meta": { "external_id": "T1136.002", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence", + "attack-macOS:persistence", + "attack-Linux:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -20018,7 +21062,8 @@ "meta": { "external_id": "T1623.001", "kill_chain": [ - "mitre-mobile-attack:execution" + "mobile-attack-Android:execution", + "mobile-attack-iOS:execution" ], "mitre_platforms": [ "Android", @@ -20043,7 +21088,8 @@ "meta": { "external_id": "T1137.002", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence", + "attack-Office-365:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -20078,8 +21124,10 @@ "meta": { "external_id": "T1542.001", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:defense-evasion" + "attack-Windows:persistence", + "attack-Network:persistence", + "attack-Windows:defense-evasion", + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "Firmware: Firmware Modification" @@ -20114,7 +21162,7 @@ "meta": { "external_id": "T1624.001", "kill_chain": [ - "mitre-mobile-attack:persistence" + "mobile-attack-Android:persistence" ], "mitre_platforms": [ "Android" @@ -20138,7 +21186,8 @@ "meta": { "external_id": "T1481.002", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -20162,7 +21211,10 @@ "meta": { "external_id": "T1491.002", "kill_chain": [ - "mitre-attack:impact" + "attack-Windows:impact", + "attack-IaaS:impact", + "attack-Linux:impact", + "attack-macOS:impact" ], "mitre_data_sources": [ "Application Log: Application Log Content", 
@@ -20198,8 +21250,8 @@ "meta": { "external_id": "T1055.012", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Process: OS API Execution", @@ -20232,7 +21284,9 @@ "meta": { "external_id": "T1562.010", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -20269,7 +21323,7 @@ "meta": { "external_id": "T1591.002", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -20293,7 +21347,11 @@ "meta": { "external_id": "T1136.003", "kill_chain": [ - "mitre-attack:persistence" + "attack-Azure-AD:persistence", + "attack-Office-365:persistence", + "attack-IaaS:persistence", + "attack-Google-Workspace:persistence", + "attack-SaaS:persistence" ], "mitre_data_sources": [ "User Account: User Account Creation" @@ -20332,7 +21390,8 @@ "meta": { "external_id": "T1633.001", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", @@ -20356,7 +21415,8 @@ "meta": { "external_id": "T1137.003", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence", + "attack-Office-365:persistence" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -20388,8 +21448,8 @@ "meta": { "external_id": "T1543.001", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:persistence", + "attack-macOS:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -20427,7 +21487,8 @@ "meta": { "external_id": "T1437.001", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -20452,7 +21513,7 @@ "meta": { "external_id": "T1553.001", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -20487,8 +21548,8 @@ "meta": { "external_id": "T1055.013", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "File: File Metadata", @@ -20521,7 +21582,8 @@ "meta": { "external_id": "T1563.001", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Linux:lateral-movement", + "attack-macOS:lateral-movement" ], "mitre_data_sources": [ "Command: Command Execution", @@ -20556,7 +21618,8 @@ "meta": { "external_id": "T1635.001", "kill_chain": [ - "mitre-mobile-attack:credential-access" + "mobile-attack-Android:credential-access", + "mobile-attack-iOS:credential-access" ], "mitre_platforms": [ "Android", @@ -20584,7 +21647,10 @@ "meta": { "external_id": "T1573.001", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-Windows:command-and-control", + "attack-macOS:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content" @@ -20614,7 +21680,8 @@ "meta": { "external_id": "T1137.005", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence", + "attack-Office-365:persistence" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -20647,7 +21714,7 @@ "meta": { "external_id": "T1593.001", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" 
@@ -20671,7 +21738,8 @@ "meta": { "external_id": "T1636.001", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection" ], "mitre_platforms": [ "Android", @@ -20696,8 +21764,8 @@ "meta": { "external_id": "T1055.014", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Linux:defense-evasion", + "attack-Linux:privilege-escalation" ], "mitre_data_sources": [ "Module: Module Load", @@ -20731,8 +21799,8 @@ "meta": { "external_id": "T1546.010", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-Windows:privilege-escalation", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -20766,8 +21834,8 @@ "meta": { "external_id": "T1547.010", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "File: File Creation", @@ -20799,7 +21867,7 @@ "meta": { "external_id": "T1591.004", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -20823,8 +21891,12 @@ "meta": { "external_id": "T1497.001", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:discovery" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -20857,7 +21929,7 @@ "meta": { "external_id": "T1558.001", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_data_sources": [ "Active Directory: Active Directory Credential Request", 
@@ -20890,7 +21962,9 @@ "meta": { "external_id": "T1566.001", "kill_chain": [ - "mitre-attack:initial-access" + "attack-macOS:initial-access", + "attack-Windows:initial-access", + "attack-Linux:initial-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -20925,7 +21999,7 @@ "meta": { "external_id": "T1578.001", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-IaaS:defense-evasion" ], "mitre_data_sources": [ "Snapshot: Snapshot Creation", @@ -20957,7 +22031,7 @@ "meta": { "external_id": "T1598.001", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -20986,8 +22060,12 @@ "meta": { "external_id": "T1542.002", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:defense-evasion" + "attack-Windows:persistence", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:defense-evasion", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "Driver: Driver Metadata", @@ -21019,7 +22097,7 @@ "meta": { "external_id": "T1628.002", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" @@ -21042,7 +22120,7 @@ "meta": { "external_id": "T1629.002", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" @@ -21070,8 +22148,8 @@ "meta": { "external_id": "T1543.002", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Linux:persistence", + "attack-Linux:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -21109,7 +22187,8 @@ "meta": { "external_id": "T1552.003", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access", + "attack-macOS:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -21138,7 +22217,8 @@ "meta": { "external_id": "T1553.002", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Metadata" @@ -21169,7 +22249,7 @@ "meta": { "external_id": "T1563.002", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Windows:lateral-movement" ], "mitre_data_sources": [ "Command: Command Execution", @@ -21203,7 +22283,10 @@ "meta": { "external_id": "T1573.002", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content" @@ -21235,7 +22318,7 @@ "meta": { "external_id": "T1583.002", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_platforms": [ "PRE" @@ -21259,7 +22342,7 @@ "meta": { "external_id": "T1593.002", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -21284,7 +22367,8 @@ "meta": { "external_id": "T1636.002", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection" ], "mitre_platforms": [ "Android", @@ -21309,8 +22393,12 @@ "meta": { "external_id": "T1484.002", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Azure-AD:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-Windows:privilege-escalation", + "attack-Azure-AD:privilege-escalation", + "attack-SaaS:privilege-escalation" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Creation", 
@@ -21348,8 +22436,8 @@ "meta": { "external_id": "T1542.005", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Network:defense-evasion", + "attack-Network:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -21383,7 +22471,10 @@ "meta": { "external_id": "T1552.004", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Windows:credential-access", + "attack-Network:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -21419,7 +22510,9 @@ "meta": { "external_id": "T1564.002", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Linux:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -21457,8 +22550,8 @@ "meta": { "external_id": "T1547.002", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -21489,7 +22582,7 @@ "meta": { "external_id": "T1584.002", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Domain Name: Active DNS", @@ -21521,7 +22614,7 @@ "meta": { "external_id": "T1592.004", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -21549,7 +22642,14 @@ "meta": { "external_id": "T1498.002", "kill_chain": [ - "mitre-attack:impact" + "attack-Windows:impact", + "attack-Azure-AD:impact", + "attack-Office-365:impact", + "attack-SaaS:impact", + "attack-IaaS:impact", + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Google-Workspace:impact" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Flow", 
@@ -21589,7 +22689,8 @@ "meta": { "external_id": "T1555.002", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access", + "attack-macOS:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -21621,7 +22722,7 @@ "meta": { "external_id": "T1552.007", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Containers:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -21651,7 +22752,7 @@ "meta": { "external_id": "T1585.002", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_platforms": [ "PRE" @@ -21677,7 +22778,9 @@ "meta": { "external_id": "T1552.008", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Office-365:credential-access", + "attack-SaaS:credential-access", + "attack-Google-Workspace:credential-access" ], "mitre_data_sources": [ "Application Log: Application Log Content" @@ -21706,7 +22809,7 @@ "meta": { "external_id": "T1558.002", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_data_sources": [ "Logon Session: Logon Session Metadata" @@ -21735,7 +22838,7 @@ "meta": { "external_id": "T1595.002", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -21763,7 +22866,9 @@ "meta": { "external_id": "T1562.006", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Linux:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -21799,7 +22904,12 @@ "meta": { "external_id": "T1566.002", "kill_chain": [ - "mitre-attack:initial-access" + "attack-Linux:initial-access", + "attack-macOS:initial-access", + "attack-Windows:initial-access", + "attack-Office-365:initial-access", + "attack-SaaS:initial-access", + "attack-Google-Workspace:initial-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -21841,7 +22951,7 @@ "meta": { "external_id": "T1586.002", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_platforms": [ "PRE" @@ -21866,7 +22976,7 @@ "meta": { "external_id": "T1569.002", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution" ], "mitre_data_sources": [ "Command: Command Execution", @@ -21898,7 +23008,7 @@ "meta": { "external_id": "T1589.002", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content" @@ -21929,7 +23039,7 @@ "meta": { "external_id": "T1598.002", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -21961,8 +23071,8 @@ "meta": { "external_id": "T1543.003", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -22007,7 +23117,7 @@ "meta": { "external_id": "T1593.003", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -22031,7 +23141,8 @@ "meta": { "external_id": "T1636.003", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-iOS:collection", + "mobile-attack-Android:collection" ], "mitre_platforms": [ "iOS", 
@@ -22056,8 +23167,8 @@ "meta": { "external_id": "T1543.004", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:persistence", + "attack-macOS:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -22095,8 +23206,8 @@ "meta": { "external_id": "T1543.005", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Containers:persistence", + "attack-Containers:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -22131,7 +23242,9 @@ "meta": { "external_id": "T1564.003", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Linux:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -22166,8 +23279,8 @@ "meta": { "external_id": "T1547.003", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -22201,7 +23314,8 @@ "meta": { "external_id": "T1636.004", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection" ], "mitre_platforms": [ "Android", @@ -22226,8 +23340,12 @@ "meta": { "external_id": "T1557.003", "kill_chain": [ - "mitre-attack:credential-access", - "mitre-attack:collection" + "attack-Linux:credential-access", + "attack-Windows:credential-access", + "attack-macOS:credential-access", + "attack-Linux:collection", + "attack-Windows:collection", + "attack-macOS:collection" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -22263,7 +23381,7 @@ "meta": { "external_id": "T1585.003", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_platforms": [ "PRE" 
@@ -22287,7 +23405,7 @@ "meta": { "external_id": "T1559.003", "kill_chain": [ - "mitre-attack:execution" + "attack-macOS:execution" ], "mitre_data_sources": [ "Process: Process Access" @@ -22317,7 +23435,7 @@ "meta": { "external_id": "T1595.003", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content" @@ -22346,7 +23464,7 @@ "meta": { "external_id": "T1586.003", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_platforms": [ "PRE" @@ -22371,7 +23489,9 @@ "meta": { "external_id": "T1568.003", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content" @@ -22402,7 +23522,7 @@ "meta": { "external_id": "T1583.006", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -22430,7 +23550,7 @@ "meta": { "external_id": "T1596.003", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -22455,7 +23575,7 @@ "meta": { "external_id": "T1587.003", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -22482,7 +23602,7 @@ "meta": { "external_id": "T1589.003", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -22506,7 +23626,7 @@ "meta": { "external_id": "T1598.003", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Application Log: Application Log Content", 
@@ -22547,9 +23667,9 @@ "meta": { "external_id": "T1574.004", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-macOS:persistence", + "attack-macOS:privilege-escalation", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "File: File Creation", @@ -22585,8 +23705,8 @@ "meta": { "external_id": "T1546.006", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-macOS:privilege-escalation", + "attack-macOS:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -22618,7 +23738,12 @@ "meta": { "external_id": "T1566.004", "kill_chain": [ - "mitre-attack:initial-access" + "attack-Linux:initial-access", + "attack-macOS:initial-access", + "attack-Windows:initial-access", + "attack-Office-365:initial-access", + "attack-SaaS:initial-access", + "attack-Google-Workspace:initial-access" ], "mitre_data_sources": [ "Application Log: Application Log Content" @@ -22653,7 +23778,9 @@ "meta": { "external_id": "T1564.007", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-Windows:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "File: File Metadata", @@ -22688,8 +23815,8 @@ "meta": { "external_id": "T1546.008", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-Windows:privilege-escalation", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -22723,8 +23850,8 @@ "meta": { "external_id": "T1548.006", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-macOS:defense-evasion", + "attack-macOS:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -22755,7 +23882,7 @@ "meta": { "external_id": "T1584.006", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -22783,8 +23910,8 @@ "meta": { "external_id": "T1546.009", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-Windows:privilege-escalation", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -22817,7 +23944,7 @@ "meta": { "external_id": "T1564.009", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -22851,8 +23978,8 @@ "meta": { "external_id": "T1547.008", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Driver: Driver Load", @@ -22885,8 +24012,8 @@ "meta": { "external_id": "T1547.009", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "File: File Creation", @@ -22916,7 +24043,7 @@ "meta": { "external_id": "T1588.004", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Certificate: Certificate Registration", @@ -22947,7 +24074,7 @@ "meta": { "external_id": "T1584.008", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -22976,7 +24103,7 @@ "meta": { "external_id": "T1598.004", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Application Log: Application Log Content" 
@@ -23004,7 +24131,9 @@ "meta": { "external_id": "T1555.005", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Windows:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -23040,9 +24169,9 @@ "meta": { "external_id": "T1556.005", "kill_chain": [ - "mitre-attack:credential-access", - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Windows:credential-access", + "attack-Windows:defense-evasion", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Modification", @@ -23075,9 +24204,24 @@ "meta": { "external_id": "T1556.007", "kill_chain": [ - "mitre-attack:credential-access", - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Windows:credential-access", + "attack-Azure-AD:credential-access", + "attack-SaaS:credential-access", + "attack-Google-Workspace:credential-access", + "attack-Office-365:credential-access", + "attack-IaaS:credential-access", + "attack-Windows:defense-evasion", + "attack-Azure-AD:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-Google-Workspace:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-IaaS:defense-evasion", + "attack-Windows:persistence", + "attack-Azure-AD:persistence", + "attack-SaaS:persistence", + "attack-Google-Workspace:persistence", + "attack-Office-365:persistence", + "attack-IaaS:persistence" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -23116,7 +24260,7 @@ "meta": { "external_id": "T1596.005", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -23140,7 +24284,7 @@ "meta": { "external_id": "T1588.007", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_platforms": [ "PRE" 
@@ -23165,7 +24309,9 @@ "meta": { "external_id": "T1218.015", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Linux:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -23199,8 +24345,8 @@ "meta": { "external_id": "T1546.011", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-Windows:privilege-escalation", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -23233,8 +24379,8 @@ "meta": { "external_id": "T1547.011", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:persistence", + "attack-macOS:privilege-escalation" ], "mitre_platforms": [ "macOS" @@ -23259,8 +24405,8 @@ "meta": { "external_id": "T1547.012", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Driver: Driver Load", @@ -23293,8 +24439,8 @@ "meta": { "external_id": "T1546.013", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-Windows:privilege-escalation", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -23328,8 +24474,8 @@ "meta": { "external_id": "T1547.014", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -23365,8 +24511,8 @@ "meta": { "external_id": "T1547.015", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:persistence", + "attack-macOS:privilege-escalation" ], "mitre_data_sources": [ "File: File Creation", 
@@ -23409,8 +24555,12 @@ "meta": { "external_id": "T1546.016", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Windows:privilege-escalation", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -23446,7 +24596,7 @@ "meta": { "external_id": "T1270", "kill_chain": [ - "mitre-pre-attack:people-information-gathering" + "pre-attack:people-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1270" @@ -23460,7 +24610,7 @@ "meta": { "external_id": "T1304", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1304" @@ -23474,9 +24624,18 @@ "meta": { "external_id": "T1053", "kill_chain": [ - "mitre-attack:execution", - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:execution", + "attack-Linux:execution", + "attack-macOS:execution", + "attack-Containers:execution", + "attack-Windows:persistence", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Containers:persistence", + "attack-Windows:privilege-escalation", + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Containers:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -23506,8 +24665,10 @@ "meta": { "external_id": "T1603", "kill_chain": [ - "mitre-mobile-attack:execution", - "mitre-mobile-attack:persistence" + "mobile-attack-Android:execution", + "mobile-attack-iOS:execution", + "mobile-attack-Android:persistence", + "mobile-attack-iOS:persistence" ], "mitre_platforms": [ "Android", 
@@ -23527,7 +24688,7 @@ "meta": { "external_id": "T1227", "kill_chain": [ - "mitre-pre-attack:priority-definition-planning" + "pre-attack:priority-definition-planning" ], "refs": [ "https://attack.mitre.org/techniques/T1227" @@ -23541,7 +24702,10 @@ "meta": { "external_id": "T1529", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact", + "attack-Network:impact" ], "mitre_data_sources": [ "Command: Command Execution", @@ -23570,7 +24734,8 @@ "meta": { "external_id": "T1633", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", @@ -23588,8 +24753,12 @@ "meta": { "external_id": "T1497", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:discovery" + "attack-Windows:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Linux:defense-evasion", + "attack-Windows:discovery", + "attack-macOS:discovery", + "attack-Linux:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -23615,7 +24784,9 @@ "meta": { "external_id": "T1001", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content" @@ -23639,8 +24810,12 @@ "meta": { "external_id": "T1100", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Linux:persistence", + "attack-Windows:persistence", + "attack-macOS:persistence", + "attack-Linux:privilege-escalation", + "attack-Windows:privilege-escalation", + "attack-macOS:privilege-escalation" ], "mitre_platforms": [ "Linux", 
@@ -23668,7 +24843,10 @@ "meta": { "external_id": "T1020", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration", + "attack-Network:exfiltration" ], "mitre_data_sources": [ "Command: Command Execution", @@ -23697,7 +24875,9 @@ "meta": { "external_id": "T1200", "kill_chain": [ - "mitre-attack:initial-access" + "attack-Windows:initial-access", + "attack-Linux:initial-access", + "attack-macOS:initial-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -23725,7 +24905,9 @@ "meta": { "external_id": "T1002", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-Windows:exfiltration", + "attack-macOS:exfiltration" ], "mitre_platforms": [ "Linux", @@ -23751,8 +24933,16 @@ "meta": { "external_id": "T1040", "kill_chain": [ - "mitre-attack:credential-access", - "mitre-attack:discovery" + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Windows:credential-access", + "attack-Network:credential-access", + "attack-IaaS:credential-access", + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery", + "attack-Network:discovery", + "attack-IaaS:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -23784,8 +24974,8 @@ "meta": { "external_id": "T1050", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_platforms": [ "Windows" @@ -23813,7 +25003,7 @@ "meta": { "external_id": "T1600", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "File: File Modification" 
@@ -23835,7 +25025,13 @@ "meta": { "external_id": "T1070", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Containers:defense-evasion", + "attack-Network:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-Google-Workspace:defense-evasion" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -23874,7 +25070,9 @@ "meta": { "external_id": "T1008", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-Windows:command-and-control", + "attack-macOS:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -23898,7 +25096,9 @@ "meta": { "external_id": "T1009", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_platforms": [ "Linux", @@ -23927,7 +25127,16 @@ "meta": { "external_id": "T1110", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access", + "attack-Azure-AD:credential-access", + "attack-Office-365:credential-access", + "attack-SaaS:credential-access", + "attack-IaaS:credential-access", + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Google-Workspace:credential-access", + "attack-Containers:credential-access", + "attack-Network:credential-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -23960,7 +25169,7 @@ "meta": { "external_id": "T1012", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -23984,7 +25193,10 @@ "meta": { "external_id": "T1021", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Linux:lateral-movement", + "attack-macOS:lateral-movement", + "attack-Windows:lateral-movement", + "attack-IaaS:lateral-movement" ], "mitre_data_sources": [ "Command: Command Execution", @@ -24022,7 +25234,9 @@ "meta": { "external_id": "T1102", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -24047,8 +25261,8 @@ "meta": { "external_id": "T1103", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_platforms": [ "Windows" @@ -24075,8 +25289,8 @@ "meta": { "external_id": "T1013", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_platforms": [ "Windows" @@ -24102,8 +25316,8 @@ "meta": { "external_id": "T1015", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_platforms": [ "Windows" @@ -24130,7 +25344,7 @@ "meta": { "external_id": "T1510", "kill_chain": [ - "mitre-mobile-attack:impact" + "mobile-attack-Android:impact" ], "mitre_platforms": [ "Android" @@ -24159,9 +25373,9 @@ "meta": { "external_id": "T1150", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:defense-evasion", + "attack-macOS:persistence", + "attack-macOS:privilege-escalation" ], "mitre_platforms": [ "macOS" @@ -24185,7 +25399,7 @@ "meta": { "external_id": "T1501", "kill_chain": [ - "mitre-attack:persistence" + "attack-Linux:persistence" ], "mitre_platforms": [ "Linux" 
@@ -24215,7 +25429,7 @@ "meta": { "external_id": "T1051", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Windows:lateral-movement" ], "mitre_platforms": [ "Windows" @@ -24235,7 +25449,9 @@ "meta": { "external_id": "T1106", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution", + "attack-macOS:execution", + "attack-Linux:execution" ], "mitre_data_sources": [ "Module: Module Load", @@ -24273,8 +25489,8 @@ "meta": { "external_id": "T1610", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:execution" + "attack-Containers:defense-evasion", + "attack-Containers:execution" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -24304,8 +25520,8 @@ "meta": { "external_id": "T1160", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:persistence", + "attack-macOS:privilege-escalation" ], "mitre_platforms": [ "macOS" @@ -24332,7 +25548,9 @@ "meta": { "external_id": "T1107", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_platforms": [ "Linux", @@ -24358,8 +25576,20 @@ "meta": { "external_id": "T1108", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Windows:defense-evasion", + "attack-Azure-AD:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-IaaS:defense-evasion", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:persistence", + "attack-Azure-AD:persistence", + "attack-Office-365:persistence", + "attack-SaaS:persistence", + "attack-IaaS:persistence", + "attack-Linux:persistence", + "attack-macOS:persistence" ], "mitre_platforms": [ "Windows", 
@@ -24383,8 +25613,8 @@ "meta": { "external_id": "T1109", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Windows:defense-evasion", + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -24409,7 +25639,7 @@ "meta": { "external_id": "T1019", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -24441,7 +25671,9 @@ "meta": { "external_id": "T1022", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration" ], "mitre_platforms": [ "Linux", @@ -24468,7 +25700,7 @@ "meta": { "external_id": "T1320", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1320" @@ -24482,7 +25714,7 @@ "meta": { "external_id": "T1023", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -24506,8 +25738,8 @@ "meta": { "external_id": "T1402", "kill_chain": [ - "mitre-mobile-attack:persistence", - "mitre-mobile-attack:execution" + "mobile-attack-Android:persistence", + "mobile-attack-Android:execution" ], "mitre_platforms": [ "Android" @@ -24531,7 +25763,11 @@ "meta": { "external_id": "T1204", "kill_chain": [ - "mitre-attack:execution" + "attack-Linux:execution", + "attack-Windows:execution", + "attack-macOS:execution", + "attack-IaaS:execution", + "attack-Containers:execution" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -24568,7 +25804,7 @@ "meta": { "external_id": "T1240", "kill_chain": [ - "mitre-pre-attack:priority-definition-direction" + "pre-attack:priority-definition-direction" ], "refs": [ "https://attack.mitre.org/techniques/T1240" 
@@ -24582,9 +25818,18 @@ "meta": { "external_id": "T1205", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence", - "mitre-attack:command-and-control" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Network:defense-evasion", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:persistence", + "attack-Network:persistence", + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -24617,7 +25862,9 @@ "meta": { "external_id": "T1026", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_platforms": [ "Linux", @@ -24637,7 +25884,8 @@ "meta": { "external_id": "T1206", "kill_chain": [ - "mitre-attack:privilege-escalation" + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation" ], "mitre_platforms": [ "Linux", @@ -24663,7 +25911,7 @@ "meta": { "external_id": "T1209", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -24691,7 +25939,9 @@ "meta": { "external_id": "T1029", "kill_chain": [ - "mitre-attack:exfiltration" + "attack-Linux:exfiltration", + "attack-macOS:exfiltration", + "attack-Windows:exfiltration" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -24714,7 +25964,7 @@ "meta": { "external_id": "T1340", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1340", 
@@ -24729,8 +25979,8 @@ "meta": { "external_id": "T1034", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_platforms": [ "Windows" @@ -24757,8 +26007,10 @@ "meta": { "external_id": "T1430", "kill_chain": [ - "mitre-mobile-attack:collection", - "mitre-mobile-attack:discovery" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection", + "mobile-attack-Android:discovery", + "mobile-attack-iOS:discovery" ], "mitre_platforms": [ "Android", @@ -24782,7 +26034,7 @@ "meta": { "external_id": "T1035", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution" ], "mitre_platforms": [ "Windows" @@ -24805,7 +26057,7 @@ "meta": { "external_id": "T1306", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1306" @@ -24819,7 +26071,7 @@ "meta": { "external_id": "T1093", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_platforms": [ "Windows" @@ -24844,7 +26096,7 @@ "meta": { "external_id": "T1309", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1309" @@ -24864,7 +26116,7 @@ "meta": { "external_id": "T1054", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_platforms": [ "Windows" @@ -24891,9 +26143,12 @@ "meta": { "external_id": "T1540", "kill_chain": [ - "mitre-mobile-attack:persistence", - "mitre-mobile-attack:privilege-escalation", - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:persistence", + "mobile-attack-iOS:persistence", + "mobile-attack-Android:privilege-escalation", + "mobile-attack-iOS:privilege-escalation", + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", 
@@ -24920,8 +26175,8 @@ "meta": { "external_id": "T1504", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_platforms": [ "Windows" @@ -24948,7 +26203,8 @@ "meta": { "external_id": "T1045", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_platforms": [ "Windows", @@ -24992,7 +26248,10 @@ "meta": { "external_id": "T1074", "kill_chain": [ - "mitre-attack:collection" + "attack-Windows:collection", + "attack-IaaS:collection", + "attack-Linux:collection", + "attack-macOS:collection" ], "mitre_data_sources": [ "Command: Command Execution", @@ -25020,7 +26279,9 @@ "meta": { "external_id": "T1480", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -25045,8 +26306,12 @@ "meta": { "external_id": "T1055", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "File: File Metadata", @@ -25079,7 +26344,7 @@ "meta": { "external_id": "T1650", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_platforms": [ "PRE" 
@@ -25100,8 +26365,14 @@ "meta": { "external_id": "T1056", "kill_chain": [ - "mitre-attack:collection", - "mitre-attack:credential-access" + "attack-Linux:collection", + "attack-macOS:collection", + "attack-Windows:collection", + "attack-Network:collection", + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Windows:credential-access", + "attack-Network:credential-access" ], "mitre_data_sources": [ "Driver: Driver Load", @@ -25130,7 +26401,10 @@ "meta": { "external_id": "T1057", "kill_chain": [ - "mitre-attack:discovery" + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery", + "attack-Network:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -25157,7 +26431,7 @@ "meta": { "external_id": "T1608", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -25188,7 +26462,14 @@ "meta": { "external_id": "T1087", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery", + "attack-Azure-AD:discovery", + "attack-Office-365:discovery", + "attack-SaaS:discovery", + "attack-IaaS:discovery", + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Google-Workspace:discovery" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -25220,10 +26501,46 @@ "meta": { "external_id": "T1078", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:initial-access" + "attack-Windows:defense-evasion", + "attack-Azure-AD:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-IaaS:defense-evasion", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Google-Workspace:defense-evasion", + "attack-Containers:defense-evasion", + "attack-Network:defense-evasion", + "attack-Windows:persistence", + "attack-Azure-AD:persistence", + "attack-Office-365:persistence", + "attack-SaaS:persistence", + "attack-IaaS:persistence", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Google-Workspace:persistence", + "attack-Containers:persistence", + "attack-Network:persistence", + "attack-Windows:privilege-escalation", + "attack-Azure-AD:privilege-escalation", + "attack-Office-365:privilege-escalation", + "attack-SaaS:privilege-escalation", + "attack-IaaS:privilege-escalation", + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Google-Workspace:privilege-escalation", + "attack-Containers:privilege-escalation", + "attack-Network:privilege-escalation", + "attack-Windows:initial-access", + "attack-Azure-AD:initial-access", + "attack-Office-365:initial-access", + "attack-SaaS:initial-access", + "attack-IaaS:initial-access", + "attack-Linux:initial-access", + "attack-macOS:initial-access", + "attack-Google-Workspace:initial-access", + "attack-Containers:initial-access", + "attack-Network:initial-access" ], "mitre_data_sources": [ "Logon Session: Logon Session Creation", 
@@ -25258,7 +26575,9 @@ "meta": { "external_id": "T1079", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_platforms": [ "Linux", @@ -25287,8 +26606,26 @@ "meta": { "external_id": "T1098", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Azure-AD:persistence", + "attack-Office-365:persistence", + "attack-IaaS:persistence", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Google-Workspace:persistence", + "attack-SaaS:persistence", + "attack-Network:persistence", + "attack-Containers:persistence", + "attack-Windows:privilege-escalation", + "attack-Azure-AD:privilege-escalation", + "attack-Office-365:privilege-escalation", + "attack-IaaS:privilege-escalation", + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation", + "attack-Google-Workspace:privilege-escalation", + "attack-SaaS:privilege-escalation", + "attack-Network:privilege-escalation", + "attack-Containers:privilege-escalation" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Modification", @@ -25327,7 +26664,7 @@ "meta": { "external_id": "T1112", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -25360,7 +26697,7 @@ "meta": { "external_id": "T1131", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -25386,7 +26723,9 @@ "meta": { "external_id": "T1113", "kill_chain": [ - "mitre-attack:collection" + "attack-Linux:collection", + "attack-macOS:collection", + "attack-Windows:collection" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -25411,7 +26750,7 @@ "meta": { "external_id": "T1311", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1311" @@ -25431,7 +26770,11 @@ "meta": { "external_id": "T1114", "kill_chain": [ - "mitre-attack:collection" + "attack-Windows:collection", + "attack-Office-365:collection", + "attack-Google-Workspace:collection", + "attack-macOS:collection", + "attack-Linux:collection" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -25460,7 +26803,8 @@ "meta": { "external_id": "T1411", "kill_chain": [ - "mitre-mobile-attack:credential-access" + "mobile-attack-Android:credential-access", + "mobile-attack-iOS:credential-access" ], "mitre_platforms": [ "Android", @@ -25497,7 +26841,8 @@ "meta": { "external_id": "T1141", "kill_chain": [ - "mitre-attack:credential-access" + "attack-macOS:credential-access", + "attack-Windows:credential-access" ], "mitre_platforms": [ "macOS", @@ -25526,7 +26871,9 @@ "meta": { "external_id": "T1115", "kill_chain": [ - "mitre-attack:collection" + "attack-Linux:collection", + "attack-Windows:collection", + "attack-macOS:collection" ], "mitre_data_sources": [ "Command: Command Execution", @@ -25554,7 +26901,7 @@ "meta": { "external_id": "T1161", "kill_chain": [ - "mitre-attack:persistence" + "attack-macOS:persistence" ], "mitre_platforms": [ "macOS" @@ -25579,7 +26926,8 @@ "meta": { "external_id": "T1116", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_platforms": [ "macOS", @@ -25607,7 +26955,11 @@ "meta": { "external_id": "T1119", "kill_chain": [ - "mitre-attack:collection" + "attack-Linux:collection", + "attack-macOS:collection", + "attack-Windows:collection", + "attack-IaaS:collection", + "attack-SaaS:collection" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -25634,7 +26986,7 @@ "meta": { "external_id": "T1221", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -25665,7 +27017,9 @@ "meta": { "external_id": "T1123", "kill_chain": [ - "mitre-attack:collection" + "attack-Linux:collection", + "attack-macOS:collection", + "attack-Windows:collection" ], "mitre_data_sources": [ "Command: Command Execution", @@ -25689,7 +27043,9 @@ "meta": { "external_id": "T1132", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content" @@ -25714,7 +27070,8 @@ "meta": { "external_id": "T1521", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -25732,7 +27089,8 @@ "meta": { "external_id": "T1512", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection" ], "mitre_platforms": [ "Android", @@ -25751,7 +27109,9 @@ "meta": { "external_id": "T1125", "kill_chain": [ - "mitre-attack:collection" + "attack-Windows:collection", + "attack-macOS:collection", + "attack-Linux:collection" ], "mitre_data_sources": [ "Command: Command Execution", @@ -25775,7 +27135,7 @@ "meta": { "external_id": "T1162", "kill_chain": [ - "mitre-attack:persistence" + "attack-macOS:persistence" ], "mitre_platforms": [ "macOS" @@ -25802,7 +27162,9 @@ "meta": { "external_id": "T1172", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_platforms": [ "Linux", 
@@ -25828,8 +27190,8 @@ "meta": { "external_id": "T1182", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_platforms": [ "Windows" @@ -25855,7 +27217,11 @@ "meta": { "external_id": "T1192", "kill_chain": [ - "mitre-attack:initial-access" + "attack-Windows:initial-access", + "attack-macOS:initial-access", + "attack-Linux:initial-access", + "attack-Office-365:initial-access", + "attack-SaaS:initial-access" ], "mitre_platforms": [ "Windows", @@ -25884,7 +27250,9 @@ "meta": { "external_id": "T1129", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution", + "attack-macOS:execution", + "attack-Linux:execution" ], "mitre_data_sources": [ "Module: Module Load", @@ -25912,7 +27280,7 @@ "meta": { "external_id": "T1331", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1331" @@ -25932,7 +27300,8 @@ "meta": { "external_id": "T1143", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_platforms": [ "macOS", @@ -25958,7 +27327,7 @@ "meta": { "external_id": "T1513", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection" ], "mitre_platforms": [ "Android" @@ -25981,7 +27350,16 @@ "meta": { "external_id": "T1136", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence", + "attack-Azure-AD:persistence", + "attack-Office-365:persistence", + "attack-IaaS:persistence", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Google-Workspace:persistence", + "attack-Network:persistence", + "attack-Containers:persistence", + "attack-SaaS:persistence" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -26014,8 +27392,10 @@ "meta": { "external_id": "T1631", "kill_chain": [ - "mitre-mobile-attack:defense-evasion", - "mitre-mobile-attack:privilege-escalation" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion", + "mobile-attack-Android:privilege-escalation", + "mobile-attack-iOS:privilege-escalation" ], "mitre_platforms": [ "Android", @@ -26033,8 +27413,8 @@ "meta": { "external_id": "T1138", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation" ], "mitre_platforms": [ "Windows" @@ -26059,7 +27439,7 @@ "meta": { "external_id": "T1381", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1381" @@ -26073,7 +27453,9 @@ "meta": { "external_id": "T1193", "kill_chain": [ - "mitre-attack:initial-access" + "attack-Windows:initial-access", + "attack-macOS:initial-access", + "attack-Linux:initial-access" ], "mitre_platforms": [ "Windows", @@ -26099,7 +27481,8 @@ "meta": { "external_id": "T1139", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access", + "attack-macOS:credential-access" ], "mitre_platforms": [ "Linux", @@ -26124,7 +27507,7 @@ "meta": { "external_id": "T1144", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion" ], "mitre_platforms": [ "macOS" @@ -26151,8 +27534,10 @@ "meta": { "external_id": "T1414", "kill_chain": [ - "mitre-mobile-attack:collection", - "mitre-mobile-attack:credential-access" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection", + "mobile-attack-Android:credential-access", + "mobile-attack-iOS:credential-access" ], "mitre_platforms": [ "Android", 
@@ -26175,8 +27560,8 @@ "meta": { "external_id": "T1541", "kill_chain": [ - "mitre-mobile-attack:defense-evasion", - "mitre-mobile-attack:persistence" + "mobile-attack-Android:defense-evasion", + "mobile-attack-Android:persistence" ], "mitre_platforms": [ "Android" @@ -26198,7 +27583,9 @@ "meta": { "external_id": "T1145", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Windows:credential-access" ], "mitre_platforms": [ "Linux", @@ -26226,7 +27613,8 @@ "meta": { "external_id": "T1461", "kill_chain": [ - "mitre-mobile-attack:initial-access" + "mobile-attack-Android:initial-access", + "mobile-attack-iOS:initial-access" ], "mitre_platforms": [ "Android", @@ -26248,7 +27636,7 @@ "meta": { "external_id": "T1641", "kill_chain": [ - "mitre-mobile-attack:impact" + "mobile-attack-Android:impact" ], "mitre_platforms": [ "Android" @@ -26265,7 +27653,8 @@ "meta": { "external_id": "T1416", "kill_chain": [ - "mitre-mobile-attack:credential-access" + "mobile-attack-Android:credential-access", + "mobile-attack-iOS:credential-access" ], "mitre_platforms": [ "Android", @@ -26291,8 +27680,10 @@ "meta": { "external_id": "T1417", "kill_chain": [ - "mitre-mobile-attack:collection", - "mitre-mobile-attack:credential-access" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection", + "mobile-attack-Android:credential-access", + "mobile-attack-iOS:credential-access" ], "mitre_platforms": [ "Android", @@ -26312,7 +27703,7 @@ "meta": { "external_id": "T1147", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion" ], "mitre_platforms": [ "macOS" @@ -26336,7 +27727,8 @@ "meta": { "external_id": "T1418", "kill_chain": [ - "mitre-mobile-attack:discovery" + "mobile-attack-Android:discovery", + "mobile-attack-iOS:discovery" ], "mitre_platforms": [ "Android", 
@@ -26355,7 +27747,8 @@ "meta": { "external_id": "T1184", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Linux:lateral-movement", + "attack-macOS:lateral-movement" ], "mitre_platforms": [ "Linux", @@ -26383,7 +27776,8 @@ "meta": { "external_id": "T1481", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -26401,7 +27795,7 @@ "meta": { "external_id": "T1149", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-macOS:defense-evasion" ], "mitre_platforms": [ "macOS" @@ -26420,7 +27814,10 @@ "meta": { "external_id": "T1561", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact", + "attack-Network:impact" ], "mitre_data_sources": [ "Command: Command Execution", @@ -26450,8 +27847,8 @@ "meta": { "external_id": "T1516", "kill_chain": [ - "mitre-mobile-attack:defense-evasion", - "mitre-mobile-attack:impact" + "mobile-attack-Android:defense-evasion", + "mobile-attack-Android:impact" ], "mitre_platforms": [ "Android" @@ -26471,8 +27868,8 @@ "meta": { "external_id": "T1165", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:persistence", + "attack-macOS:privilege-escalation" ], "mitre_platforms": [ "macOS" @@ -26497,8 +27894,8 @@ "meta": { "external_id": "T1517", "kill_chain": [ - "mitre-mobile-attack:collection", - "mitre-mobile-attack:credential-access" + "mobile-attack-Android:collection", + "mobile-attack-Android:credential-access" ], "mitre_platforms": [ "Android" @@ -26516,8 +27913,8 @@ "meta": { "external_id": "T1157", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:persistence", + "attack-macOS:privilege-escalation" ], "mitre_platforms": [ "macOS" 
@@ -26543,7 +27940,10 @@ "meta": { "external_id": "T1518", "kill_chain": [ - "mitre-attack:discovery" + "attack-Windows:discovery", + "attack-IaaS:discovery", + "attack-Linux:discovery", + "attack-macOS:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -26570,7 +27970,7 @@ "meta": { "external_id": "T1159", "kill_chain": [ - "mitre-attack:persistence" + "attack-macOS:persistence" ], "mitre_platforms": [ "macOS" @@ -26601,8 +28001,10 @@ "meta": { "external_id": "T1661", "kill_chain": [ - "mitre-mobile-attack:initial-access", - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:initial-access", + "mobile-attack-iOS:initial-access", + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", @@ -26622,9 +28024,9 @@ "meta": { "external_id": "T1616", "kill_chain": [ - "mitre-mobile-attack:collection", - "mitre-mobile-attack:impact", - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:collection", + "mobile-attack-Android:impact", + "mobile-attack-Android:command-and-control" ], "mitre_platforms": [ "Android" @@ -26646,7 +28048,9 @@ "meta": { "external_id": "T1176", "kill_chain": [ - "mitre-attack:persistence" + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -26684,7 +28088,7 @@ "meta": { "external_id": "T1167", "kill_chain": [ - "mitre-attack:credential-access" + "attack-macOS:credential-access" ], "mitre_platforms": [ "macOS" @@ -26710,7 +28114,7 @@ "meta": { "external_id": "T1186", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_platforms": [ "Windows" @@ -26739,7 +28143,7 @@ "meta": { "external_id": "T1618", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" 
@@ -26762,8 +28166,8 @@ "meta": { "external_id": "T1177", "kill_chain": [ - "mitre-attack:execution", - "mitre-attack:persistence" + "attack-Windows:execution", + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -26790,7 +28194,7 @@ "meta": { "external_id": "T1187", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_data_sources": [ "File: File Access", @@ -26821,8 +28225,8 @@ "meta": { "external_id": "T1197", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Windows:defense-evasion", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -26854,7 +28258,12 @@ "meta": { "external_id": "T1199", "kill_chain": [ - "mitre-attack:initial-access" + "attack-Windows:initial-access", + "attack-SaaS:initial-access", + "attack-IaaS:initial-access", + "attack-Linux:initial-access", + "attack-macOS:initial-access", + "attack-Office-365:initial-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -26884,7 +28293,7 @@ "meta": { "external_id": "T1322", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1322" @@ -26898,8 +28307,12 @@ "meta": { "external_id": "T1622", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:discovery" + "attack-Windows:defense-evasion", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:discovery", + "attack-Linux:discovery", + "attack-macOS:discovery" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -26930,7 +28343,7 @@ "meta": { "external_id": "T1382", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1382" 
@@ -26944,7 +28357,8 @@ "meta": { "external_id": "T1424", "kill_chain": [ - "mitre-mobile-attack:discovery" + "mobile-attack-Android:discovery", + "mobile-attack-iOS:discovery" ], "mitre_platforms": [ "Android", @@ -26963,7 +28377,8 @@ "meta": { "external_id": "T1429", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection" ], "mitre_platforms": [ "Android", @@ -26987,7 +28402,16 @@ "meta": { "external_id": "T1552", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access", + "attack-Azure-AD:credential-access", + "attack-Office-365:credential-access", + "attack-SaaS:credential-access", + "attack-IaaS:credential-access", + "attack-Linux:credential-access", + "attack-macOS:credential-access", + "attack-Google-Workspace:credential-access", + "attack-Containers:credential-access", + "attack-Network:credential-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -27022,7 +28446,13 @@ "meta": { "external_id": "T1562", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-IaaS:defense-evasion", + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Containers:defense-evasion", + "attack-Network:defense-evasion" ], "mitre_data_sources": [ "Cloud Service: Cloud Service Disable", @@ -27066,7 +28496,9 @@ "meta": { "external_id": "T1572", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -27093,7 +28525,7 @@ "meta": { "external_id": "T1582", "kill_chain": [ - "mitre-mobile-attack:impact" + "mobile-attack-Android:impact" ], "mitre_platforms": [ "Android" 
@@ -27114,7 +28546,7 @@ "meta": { "external_id": "T1662", "kill_chain": [ - "mitre-mobile-attack:impact" + "mobile-attack-Android:impact" ], "mitre_platforms": [ "Android" @@ -27133,7 +28565,8 @@ "meta": { "external_id": "T1627", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", @@ -27152,7 +28585,7 @@ "meta": { "external_id": "T1628", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" @@ -27169,7 +28602,7 @@ "meta": { "external_id": "T1286", "kill_chain": [ - "mitre-pre-attack:organizational-information-gathering" + "pre-attack:organizational-information-gathering" ], "refs": [ "https://attack.mitre.org/techniques/T1286" @@ -27183,7 +28616,7 @@ "meta": { "external_id": "T1629", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" @@ -27202,7 +28635,7 @@ "meta": { "external_id": "T1333", "kill_chain": [ - "mitre-pre-attack:establish-&-maintain-infrastructure" + "pre-attack:establish-&-maintain-infrastructure" ], "refs": [ "https://attack.mitre.org/techniques/T1333" @@ -27222,7 +28655,7 @@ "meta": { "external_id": "T1363", "kill_chain": [ - "mitre-pre-attack:stage-capabilities" + "pre-attack:stage-capabilities" ], "refs": [ "https://attack.mitre.org/techniques/T1363" @@ -27236,7 +28669,12 @@ "meta": { "external_id": "T1534", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Windows:lateral-movement", + "attack-macOS:lateral-movement", + "attack-Linux:lateral-movement", + "attack-Office-365:lateral-movement", + "attack-SaaS:lateral-movement", + "attack-Google-Workspace:lateral-movement" ], "mitre_data_sources": [ "Application Log: Application Log Content", 
@@ -27266,7 +28704,7 @@ "meta": { "external_id": "T1374", "kill_chain": [ - "mitre-pre-attack:launch" + "pre-attack:launch" ], "refs": [ "https://attack.mitre.org/techniques/T1374" @@ -27280,7 +28718,10 @@ "meta": { "external_id": "T1653", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Network:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -27311,7 +28752,10 @@ "meta": { "external_id": "T1573", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content" @@ -27337,7 +28781,7 @@ "meta": { "external_id": "T1583", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Domain Name: Active DNS", @@ -27369,7 +28813,8 @@ "meta": { "external_id": "T1637", "kill_chain": [ - "mitre-mobile-attack:command-and-control" + "mobile-attack-Android:command-and-control", + "mobile-attack-iOS:command-and-control" ], "mitre_platforms": [ "Android", @@ -27388,8 +28833,10 @@ "meta": { "external_id": "T1446", "kill_chain": [ - "mitre-mobile-attack:impact", - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:impact", + "mobile-attack-iOS:impact", + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", @@ -27416,7 +28863,10 @@ "meta": { "external_id": "T1564", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Office-365:defense-evasion" ], "mitre_data_sources": [ "Application Log: Application Log Content", 
@@ -27455,7 +28905,10 @@ "meta": { "external_id": "T1654", "kill_chain": [ - "mitre-attack:discovery" + "attack-Linux:discovery", + "attack-macOS:discovery", + "attack-Windows:discovery", + "attack-IaaS:discovery" ], "mitre_data_sources": [ "Command: Command Execution", @@ -27483,7 +28936,7 @@ "meta": { "external_id": "T1584", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Domain Name: Active DNS", @@ -27518,7 +28971,11 @@ "meta": { "external_id": "T1485", "kill_chain": [ - "mitre-attack:impact" + "attack-Windows:impact", + "attack-IaaS:impact", + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Containers:impact" ], "mitre_data_sources": [ "Cloud Storage: Cloud Storage Deletion", @@ -27558,7 +29015,10 @@ "meta": { "external_id": "T1495", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact", + "attack-Network:impact" ], "mitre_data_sources": [ "Firmware: Firmware Modification" @@ -27585,7 +29045,9 @@ "meta": { "external_id": "T1648", "kill_chain": [ - "mitre-attack:execution" + "attack-SaaS:execution", + "attack-IaaS:execution", + "attack-Office-365:execution" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -27614,7 +29076,11 @@ "meta": { "external_id": "T1496", "kill_chain": [ - "mitre-attack:impact" + "attack-Windows:impact", + "attack-IaaS:impact", + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Containers:impact" ], "mitre_data_sources": [ "Command: Command Execution", @@ -27651,7 +29117,9 @@ "meta": { "external_id": "T1489", "kill_chain": [ - "mitre-attack:impact" + "attack-Windows:impact", + "attack-Linux:impact", + "attack-macOS:impact" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -27682,7 +29150,9 @@ "meta": { "external_id": "T1565", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact" ], "mitre_data_sources": [ "File: File Creation", @@ -27711,8 +29181,8 @@ "meta": { "external_id": "T1575", "kill_chain": [ - "mitre-mobile-attack:defense-evasion", - "mitre-mobile-attack:execution" + "mobile-attack-Android:defense-evasion", + "mobile-attack-Android:execution" ], "mitre_platforms": [ "Android" @@ -27731,7 +29201,7 @@ "meta": { "external_id": "T1585", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -27756,7 +29226,7 @@ "meta": { "external_id": "T1595", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -27779,7 +29249,10 @@ "meta": { "external_id": "T1665", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-macOS:command-and-control", + "attack-Windows:command-and-control", + "attack-Linux:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Domain Name: Domain Registration", @@ -27815,7 +29288,12 @@ "meta": { "external_id": "T1657", "kill_chain": [ - "mitre-attack:impact" + "attack-Linux:impact", + "attack-macOS:impact", + "attack-Windows:impact", + "attack-Office-365:impact", + "attack-SaaS:impact", + "attack-Google-Workspace:impact" ], "mitre_data_sources": [ "Application Log: Application Log Content" @@ -27851,7 +29329,7 @@ "meta": { "external_id": "T1586", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", 
@@ -27874,7 +29352,9 @@ "meta": { "external_id": "T1568", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -27902,8 +29382,12 @@ "meta": { "external_id": "T1659", "kill_chain": [ - "mitre-attack:initial-access", - "mitre-attack:command-and-control" + "attack-Linux:initial-access", + "attack-macOS:initial-access", + "attack-Windows:initial-access", + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "File: File Creation", @@ -27931,7 +29415,9 @@ "meta": { "external_id": "T1569", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution", + "attack-macOS:execution", + "attack-Linux:execution" ], "mitre_data_sources": [ "Command: Command Execution", @@ -27957,7 +29443,7 @@ "meta": { "external_id": "T1587", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content", @@ -27984,7 +29470,7 @@ "meta": { "external_id": "T1588", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Certificate: Certificate Registration", @@ -28014,7 +29500,8 @@ "meta": { "external_id": "T1638", "kill_chain": [ - "mitre-mobile-attack:collection" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection" ], "mitre_platforms": [ "Android", 
@@ -28041,8 +29528,14 @@ "meta": { "external_id": "T1557", "kill_chain": [ - "mitre-attack:credential-access", - "mitre-attack:collection" + "attack-Windows:credential-access", + "attack-macOS:credential-access", + "attack-Linux:credential-access", + "attack-Network:credential-access", + "attack-Windows:collection", + "attack-macOS:collection", + "attack-Linux:collection", + "attack-Network:collection" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -28078,7 +29571,8 @@ "meta": { "external_id": "T1137.006", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence", + "attack-Office-365:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -28114,7 +29608,7 @@ "meta": { "external_id": "T1218.009", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -28145,7 +29639,9 @@ "meta": { "external_id": "T1001.002", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content" @@ -28174,7 +29670,7 @@ "meta": { "external_id": "T1003.003", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -28203,7 +29699,7 @@ "meta": { "external_id": "T1003.006", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_data_sources": [ "Active Directory: Active Directory Object Access", @@ -28241,7 +29737,9 @@ "meta": { "external_id": "T1070.006", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Metadata", 
@@ -28271,7 +29769,8 @@ "meta": { "external_id": "T1021.004", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Linux:lateral-movement", + "attack-macOS:lateral-movement" ], "mitre_data_sources": [ "Logon Session: Logon Session Creation", @@ -28301,7 +29800,9 @@ "meta": { "external_id": "T1021.005", "kill_chain": [ - "mitre-attack:lateral-movement" + "attack-Linux:lateral-movement", + "attack-macOS:lateral-movement", + "attack-Windows:lateral-movement" ], "mitre_data_sources": [ "Logon Session: Logon Session Creation", @@ -28343,7 +29844,7 @@ "meta": { "external_id": "T1406.001", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" @@ -28366,7 +29867,10 @@ "meta": { "external_id": "T1071.004", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Traffic Content", @@ -28399,8 +29903,14 @@ "meta": { "external_id": "T1056.001", "kill_chain": [ - "mitre-attack:collection", - "mitre-attack:credential-access" + "attack-Windows:collection", + "attack-macOS:collection", + "attack-Linux:collection", + "attack-Network:collection", + "attack-Windows:credential-access", + "attack-macOS:credential-access", + "attack-Linux:credential-access", + "attack-Network:credential-access" ], "mitre_data_sources": [ "Driver: Driver Load", @@ -28434,7 +29944,7 @@ "meta": { "external_id": "T1059.001", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution" ], "mitre_data_sources": [ "Command: Command Execution", 
@@ -28472,9 +29982,15 @@ "meta": { "external_id": "T1053.002", "kill_chain": [ - "mitre-attack:execution", - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Windows:execution", + "attack-Linux:execution", + "attack-macOS:execution", + "attack-Windows:persistence", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Windows:privilege-escalation", + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -28514,7 +30030,9 @@ "meta": { "external_id": "T1027.003", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Metadata" @@ -28544,7 +30062,7 @@ "meta": { "external_id": "T1059.002", "kill_chain": [ - "mitre-attack:execution" + "attack-macOS:execution" ], "mitre_data_sources": [ "Command: Command Execution", @@ -28576,7 +30094,7 @@ "meta": { "external_id": "T1590.002", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -28602,9 +30120,12 @@ "meta": { "external_id": "T1053.003", "kill_chain": [ - "mitre-attack:execution", - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-Linux:execution", + "attack-macOS:execution", + "attack-Linux:persistence", + "attack-macOS:persistence", + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation" ], "mitre_data_sources": [ "Command: Command Execution", @@ -28635,9 +30156,9 @@ "meta": { "external_id": "T1053.004", "kill_chain": [ - "mitre-attack:execution", - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:execution", + "attack-macOS:persistence", + "attack-macOS:privilege-escalation" ], "mitre_platforms": [ "macOS" 
@@ -28662,7 +30183,9 @@ "meta": { "external_id": "T1059.006", "kill_chain": [ - "mitre-attack:execution" + "attack-Linux:execution", + "attack-Windows:execution", + "attack-macOS:execution" ], "mitre_data_sources": [ "Command: Command Execution", @@ -28692,7 +30215,9 @@ "meta": { "external_id": "T1059.007", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution", + "attack-macOS:execution", + "attack-Linux:execution" ], "mitre_data_sources": [ "Command: Command Execution", @@ -28732,7 +30257,7 @@ "meta": { "external_id": "T1218.010", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -28765,7 +30290,7 @@ "meta": { "external_id": "T1213.001", "kill_chain": [ - "mitre-attack:collection" + "attack-SaaS:collection" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -28793,7 +30318,7 @@ "meta": { "external_id": "T1216.001", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -28823,7 +30348,7 @@ "meta": { "external_id": "T1127.001", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -28853,8 +30378,10 @@ "meta": { "external_id": "T1417.001", "kill_chain": [ - "mitre-mobile-attack:collection", - "mitre-mobile-attack:credential-access" + "mobile-attack-Android:collection", + "mobile-attack-iOS:collection", + "mobile-attack-Android:credential-access", + "mobile-attack-iOS:credential-access" ], "mitre_platforms": [ "Android", @@ -28880,7 +30407,8 @@ "meta": { "external_id": "T1213.002", "kill_chain": [ - "mitre-attack:collection" + "attack-Windows:collection", + "attack-Office-365:collection" ], "mitre_data_sources": [ "Application Log: Application Log Content", 
@@ -28909,7 +30437,7 @@ "meta": { "external_id": "T1216.002", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -28944,7 +30472,7 @@ "meta": { "external_id": "T1218.003", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -28978,7 +30506,7 @@ "meta": { "external_id": "T1218.004", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -29007,7 +30535,7 @@ "meta": { "external_id": "T1218.005", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -29044,7 +30572,7 @@ "meta": { "external_id": "T1592.001", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -29072,7 +30600,8 @@ "meta": { "external_id": "T1627.001", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", @@ -29097,7 +30626,7 @@ "meta": { "external_id": "T1218.007", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -29130,7 +30659,7 @@ "meta": { "external_id": "T1218.008", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -29162,7 +30691,7 @@ "meta": { "external_id": "T1634.001", "kill_chain": [ - "mitre-mobile-attack:credential-access" + "mobile-attack-iOS:credential-access" ], "mitre_platforms": [ "iOS" 
@@ -29188,7 +30717,7 @@ "meta": { "external_id": "T1583.001", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Domain Name: Active DNS", @@ -29234,7 +30763,7 @@ "meta": { "external_id": "T1584.001", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Domain Name: Active DNS", @@ -29266,7 +30795,7 @@ "meta": { "external_id": "T1555.001", "kill_chain": [ - "mitre-attack:credential-access" + "attack-macOS:credential-access" ], "mitre_data_sources": [ "Command: Command Execution", @@ -29300,8 +30829,8 @@ "meta": { "external_id": "T1055.015", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:privilege-escalation" + "attack-Windows:defense-evasion", + "attack-Windows:privilege-escalation" ], "mitre_data_sources": [ "Process: OS API Execution", @@ -29331,7 +30860,7 @@ "meta": { "external_id": "T1569.001", "kill_chain": [ - "mitre-attack:execution" + "attack-macOS:execution" ], "mitre_data_sources": [ "Command: Command Execution", @@ -29363,7 +30892,7 @@ "meta": { "external_id": "T1587.001", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Malware Repository: Malware Content", @@ -29395,7 +30924,7 @@ "meta": { "external_id": "T1588.001", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Malware Repository: Malware Content", @@ -29423,7 +30952,7 @@ "meta": { "external_id": "T1589.001", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -29455,7 +30984,7 @@ "meta": { "external_id": "T1592.002", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_data_sources": [ "Internet Scan: Response Content" 
@@ -29483,8 +31012,10 @@ "meta": { "external_id": "T1542.003", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:defense-evasion" + "attack-Linux:persistence", + "attack-Windows:persistence", + "attack-Linux:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Drive: Drive Modification" @@ -29513,7 +31044,7 @@ "meta": { "external_id": "T1592.003", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -29537,8 +31068,8 @@ "meta": { "external_id": "T1542.004", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:persistence" + "attack-Network:defense-evasion", + "attack-Network:persistence" ], "mitre_data_sources": [ "Firmware: Firmware Modification" @@ -29566,8 +31097,8 @@ "meta": { "external_id": "T1546.002", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-Windows:privilege-escalation", + "attack-Windows:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -29599,7 +31130,7 @@ "meta": { "external_id": "T1596.002", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -29623,7 +31154,7 @@ "meta": { "external_id": "T1588.002", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Malware Repository: Malware Metadata" @@ -29651,7 +31182,7 @@ "meta": { "external_id": "T1583.004", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content", @@ -29684,7 +31215,7 @@ "meta": { "external_id": "T1583.005", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_platforms": [ "PRE" 
@@ -29712,7 +31243,7 @@ "meta": { "external_id": "T1558.003", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_data_sources": [ "Active Directory: Active Directory Credential Request" @@ -29745,7 +31276,7 @@ "meta": { "external_id": "T1583.007", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -29774,7 +31305,7 @@ "meta": { "external_id": "T1583.008", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content" @@ -29805,7 +31336,7 @@ "meta": { "external_id": "T1584.004", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content", @@ -29836,8 +31367,10 @@ "meta": { "external_id": "T1546.005", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-macOS:privilege-escalation", + "attack-Linux:privilege-escalation", + "attack-macOS:persistence", + "attack-Linux:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -29869,7 +31402,7 @@ "meta": { "external_id": "T1584.005", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_platforms": [ "PRE" @@ -29895,7 +31428,7 @@ "meta": { "external_id": "T1596.004", "kill_chain": [ - "mitre-attack:reconnaissance" + "attack-PRE:reconnaissance" ], "mitre_platforms": [ "PRE" @@ -29919,7 +31452,7 @@ "meta": { "external_id": "T1587.004", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_platforms": [ "PRE" @@ -29944,7 +31477,7 @@ "meta": { "external_id": "T1584.007", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_data_sources": [ "Internet Scan: Response Content" 
@@ -29973,7 +31506,7 @@ "meta": { "external_id": "T1588.005", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_platforms": [ "PRE" @@ -30001,7 +31534,7 @@ "meta": { "external_id": "T1588.006", "kill_chain": [ - "mitre-attack:resource-development" + "attack-PRE:resource-development" ], "mitre_platforms": [ "PRE" @@ -30025,7 +31558,7 @@ "meta": { "external_id": "T1218.011", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -30059,7 +31592,7 @@ "meta": { "external_id": "T1218.012", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -30091,7 +31624,7 @@ "meta": { "external_id": "T1218.013", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -30122,7 +31655,7 @@ "meta": { "external_id": "T1218.014", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -30158,9 +31691,9 @@ "meta": { "external_id": "T1574.012", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -30196,9 +31729,9 @@ "meta": { "external_id": "T1574.013", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Process: OS API Execution" 
@@ -30228,8 +31761,8 @@ "meta": { "external_id": "T1546.014", "kill_chain": [ - "mitre-attack:privilege-escalation", - "mitre-attack:persistence" + "attack-macOS:privilege-escalation", + "attack-macOS:persistence" ], "mitre_data_sources": [ "Command: Command Execution", @@ -30261,9 +31794,9 @@ "meta": { "external_id": "T1574.014", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:defense-evasion" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "File: File Creation", @@ -30295,7 +31828,7 @@ "meta": { "external_id": "T1163", "kill_chain": [ - "mitre-attack:persistence" + "attack-macOS:persistence" ], "mitre_platforms": [ "macOS" @@ -30320,8 +31853,8 @@ "meta": { "external_id": "T1121", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:execution" + "attack-Windows:defense-evasion", + "attack-Windows:execution" ], "mitre_platforms": [ "Windows" @@ -30348,7 +31881,10 @@ "meta": { "external_id": "T1090", "kill_chain": [ - "mitre-attack:command-and-control" + "attack-Linux:command-and-control", + "attack-macOS:command-and-control", + "attack-Windows:command-and-control", + "attack-Network:command-and-control" ], "mitre_data_sources": [ "Network Traffic: Network Connection Creation", @@ -30375,7 +31911,9 @@ "meta": { "external_id": "T1014", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion" ], "mitre_data_sources": [ "Drive: Drive Modification", @@ -30403,8 +31941,8 @@ "meta": { "external_id": "T1170", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:execution" + "attack-Windows:defense-evasion", + "attack-Windows:execution" ], "mitre_platforms": [ "Windows" 
@@ -30435,7 +31973,7 @@ "meta": { "external_id": "T1180", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -30460,8 +31998,8 @@ "meta": { "external_id": "T1085", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:execution" + "attack-Windows:defense-evasion", + "attack-Windows:execution" ], "mitre_platforms": [ "Windows" @@ -30486,7 +32024,7 @@ "meta": { "external_id": "T1062", "kill_chain": [ - "mitre-attack:persistence" + "attack-Windows:persistence" ], "mitre_platforms": [ "Windows" @@ -30508,7 +32046,7 @@ "meta": { "external_id": "T1208", "kill_chain": [ - "mitre-attack:credential-access" + "attack-Windows:credential-access" ], "mitre_platforms": [ "Windows" @@ -30538,7 +32076,10 @@ "meta": { "external_id": "T1036", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Containers:defense-evasion" ], "mitre_data_sources": [ "Command: Command Execution", @@ -30574,8 +32115,12 @@ "meta": { "external_id": "T1064", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:execution" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Linux:execution", + "attack-macOS:execution", + "attack-Windows:execution" ], "mitre_platforms": [ "Linux", @@ -30599,7 +32144,8 @@ "meta": { "external_id": "T1660", "kill_chain": [ - "mitre-mobile-attack:initial-access" + "mobile-attack-Android:initial-access", + "mobile-attack-iOS:initial-access" ], "mitre_platforms": [ "Android", @@ -30618,7 +32164,8 @@ "meta": { "external_id": "T1067", "kill_chain": [ - "mitre-attack:persistence" + "attack-Linux:persistence", + "attack-Windows:persistence" ], "mitre_platforms": [ "Linux", 
@@ -30644,7 +32191,7 @@ "meta": { "external_id": "T1086", "kill_chain": [ - "mitre-attack:execution" + "attack-Windows:execution" ], "mitre_platforms": [ "Windows" @@ -30675,7 +32222,9 @@ "meta": { "external_id": "T1099", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-Windows:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_platforms": [ "Linux", @@ -30701,8 +32250,8 @@ "meta": { "external_id": "T1117", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:execution" + "attack-Windows:defense-evasion", + "attack-Windows:execution" ], "mitre_platforms": [ "Windows" @@ -30729,8 +32278,8 @@ "meta": { "external_id": "T1118", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:execution" + "attack-Windows:defense-evasion", + "attack-Windows:execution" ], "mitre_platforms": [ "Windows" @@ -30755,8 +32304,8 @@ "meta": { "external_id": "T1191", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:execution" + "attack-Windows:defense-evasion", + "attack-Windows:execution" ], "mitre_platforms": [ "Windows" @@ -30785,7 +32334,7 @@ "meta": { "external_id": "T1142", "kill_chain": [ - "mitre-attack:credential-access" + "attack-macOS:credential-access" ], "mitre_platforms": [ "macOS" @@ -30810,9 +32359,9 @@ "meta": { "external_id": "T1152", "kill_chain": [ - "mitre-attack:defense-evasion", - "mitre-attack:execution", - "mitre-attack:persistence" + "attack-macOS:defense-evasion", + "attack-macOS:execution", + "attack-macOS:persistence" ], "mitre_platforms": [ "macOS" @@ -30836,7 +32385,8 @@ "meta": { "external_id": "T1153", "kill_chain": [ - "mitre-attack:execution" + "attack-Linux:execution", + "attack-macOS:execution" ], "mitre_platforms": [ "Linux", 
@@ -30855,8 +32405,10 @@ "meta": { "external_id": "T1154", "kill_chain": [ - "mitre-attack:execution", - "mitre-attack:persistence" + "attack-Linux:execution", + "attack-macOS:execution", + "attack-Linux:persistence", + "attack-macOS:persistence" ], "mitre_platforms": [ "Linux", @@ -30882,7 +32434,8 @@ "meta": { "external_id": "T1148", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion" ], "mitre_platforms": [ "Linux", @@ -30907,7 +32460,10 @@ "meta": { "external_id": "T1491", "kill_chain": [ - "mitre-attack:impact" + "attack-Windows:impact", + "attack-IaaS:impact", + "attack-Linux:impact", + "attack-macOS:impact" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -30933,7 +32489,7 @@ "meta": { "external_id": "T1155", "kill_chain": [ - "mitre-attack:execution" + "attack-macOS:execution" ], "mitre_platforms": [ "macOS" @@ -30957,7 +32513,8 @@ "meta": { "external_id": "T1581", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", @@ -30984,8 +32541,8 @@ "meta": { "external_id": "T1519", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation" + "attack-macOS:persistence", + "attack-macOS:privilege-escalation" ], "mitre_platforms": [ "macOS" @@ -31011,7 +32568,7 @@ "meta": { "external_id": "T1617", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion" ], "mitre_platforms": [ "Android" @@ -31028,7 +32585,8 @@ "meta": { "external_id": "T1169", "kill_chain": [ - "mitre-attack:privilege-escalation" + "attack-Linux:privilege-escalation", + "attack-macOS:privilege-escalation" ], "mitre_platforms": [ "Linux", 
@@ -31053,9 +32611,9 @@ "meta": { "external_id": "T1179", "kill_chain": [ - "mitre-attack:persistence", - "mitre-attack:privilege-escalation", - "mitre-attack:credential-access" + "attack-Windows:persistence", + "attack-Windows:privilege-escalation", + "attack-Windows:credential-access" ], "mitre_platforms": [ "Windows" @@ -31093,7 +32651,7 @@ "meta": { "external_id": "T1324", "kill_chain": [ - "mitre-pre-attack:adversary-opsec" + "pre-attack:adversary-opsec" ], "refs": [ "https://attack.mitre.org/techniques/T1324", @@ -31108,7 +32666,8 @@ "meta": { "external_id": "T1655", "kill_chain": [ - "mitre-mobile-attack:defense-evasion" + "mobile-attack-Android:defense-evasion", + "mobile-attack-iOS:defense-evasion" ], "mitre_platforms": [ "Android", @@ -31128,7 +32687,12 @@ "meta": { "external_id": "T1656", "kill_chain": [ - "mitre-attack:defense-evasion" + "attack-Linux:defense-evasion", + "attack-macOS:defense-evasion", + "attack-Windows:defense-evasion", + "attack-Office-365:defense-evasion", + "attack-SaaS:defense-evasion", + "attack-Google-Workspace:defense-evasion" ], "mitre_data_sources": [ "Application Log: Application Log Content" @@ -31155,7 +32719,12 @@ "meta": { "external_id": "T1566", "kill_chain": [ - "mitre-attack:initial-access" + "attack-Linux:initial-access", + "attack-macOS:initial-access", + "attack-Windows:initial-access", + "attack-SaaS:initial-access", + "attack-Office-365:initial-access", + "attack-Google-Workspace:initial-access" ], "mitre_data_sources": [ "Application Log: Application Log Content", @@ -31192,7 +32761,7 @@ "meta": { "external_id": "T1579", "kill_chain": [ - "mitre-mobile-attack:credential-access" + "mobile-attack-iOS:credential-access" ], "mitre_platforms": [ "iOS" @@ -31214,5 +32783,5 @@ "value": "Keychain - T1579" } ], - "version": 28 + "version": 29 } diff --git a/galaxies/mitre-attack-pattern.json b/galaxies/mitre-attack-pattern.json index 5bf1ad4..50d3e5c 100644 --- a/galaxies/mitre-attack-pattern.json 
+++ b/galaxies/mitre-attack-pattern.json @@ -2,9 +2,55 @@ "description": "ATT&CK Tactic", "icon": "map", "kill_chain_order": { - "mitre-attack": [ - "reconnaissance", - "resource-development", + "attack-Azure-AD": [ + "initial-access", + "execution", + "persistence", + "privilege-escalation", + "defense-evasion", + "credential-access", + "discovery", + "lateral-movement", + "impact" + ], + "attack-Containers": [ + "initial-access", + "execution", + "persistence", + "privilege-escalation", + "defense-evasion", + "credential-access", + "discovery", + "lateral-movement", + "impact" + ], + "attack-Google-Workspace": [ + "initial-access", + "execution", + "persistence", + "privilege-escalation", + "defense-evasion", + "credential-access", + "discovery", + "lateral-movement", + "collection", + "exfiltration", + "impact" + ], + "attack-IaaS": [ + "initial-access", + "execution", + "persistence", + "privilege-escalation", + "defense-evasion", + "credential-access", + "discovery", + "lateral-movement", + "collection", + "exfiltration", + "impact" + ], + "attack-Linux": [ "initial-access", "execution", "persistence", 
@@ -18,7 +64,79 @@ "exfiltration", "impact" ], - "mitre-mobile-attack": [ + "attack-Network": [ + "initial-access", + "execution", + "persistence", + "privilege-escalation", + "defense-evasion", + "credential-access", + "discovery", + "lateral-movement", + "collection", + "command-and-control", + "exfiltration", + "impact" + ], + "attack-Office-365": [ + "initial-access", + "execution", + "persistence", + "privilege-escalation", + "defense-evasion", + "credential-access", + "discovery", + "lateral-movement", + "collection", + "exfiltration", + "impact" + ], + "attack-PRE": [ + "reconnaissance", + "resource-development" + ], + "attack-SaaS": [ + "initial-access", + "execution", + "persistence", + "privilege-escalation", + "defense-evasion", + "credential-access", + "discovery", + "lateral-movement", + "collection", + "exfiltration", + "impact" + ], + "attack-Windows": [ + "initial-access", + "execution", + "persistence", + "privilege-escalation", + "defense-evasion", + "credential-access", + "discovery", + "lateral-movement", + "collection", + "command-and-control", + "exfiltration", + "impact" + ], + "attack-macOS": [ + "initial-access", + "execution", + "persistence", + "privilege-escalation", + "defense-evasion", + "credential-access", + "discovery", + "lateral-movement", + "collection", + "command-and-control", + "exfiltration", + "impact" + ], + "mobile-attack-Android": [ "initial-access", "execution", "persistence", @@ -34,7 +152,23 @@ "network-effects", "remote-service-effects" ], - "mitre-pre-attack": [ + "mobile-attack-iOS": [ + "initial-access", + "execution", + "persistence", + "privilege-escalation", + "defense-evasion", + "credential-access", + "discovery", + "lateral-movement", + "collection", + "command-and-control", + "exfiltration", + "impact", + "network-effects", + "remote-service-effects" + ], + "pre-attack": [ "priority-definition-planning", "priority-definition-direction", "target-selection", 
@@ -49,12 +183,14 @@ "persona-development", "build-capabilities", "test-capabilities", - "stage-capabilities" + "stage-capabilities", + "launch", + "compromise" ] }, "name": "Attack Pattern", "namespace": "mitre-attack", "type": "mitre-attack-pattern", "uuid": "c4e851fa-775f-11e7-8163-b774922098cd", - "version": 9 + "version": 10 } diff --git a/tools/gen_mitre.py b/tools/gen_mitre.py index 4c6b628..9d7ad39 100755 --- a/tools/gen_mitre.py +++ b/tools/gen_mitre.py @@ -25,6 +25,62 @@ types = {'data-source': 'x-mitre-data-source', } mitre_sources = ['mitre-attack', 'mitre-ics-attack', 'mitre-pre-attack', 'mitre-mobile-attack'] + +kill_chain_order_sort_order = { + "attack": [ + "reconnaissance", + "resource-development", + "initial-access", + "execution", + "persistence", + "privilege-escalation", + "defense-evasion", + "credential-access", + "discovery", + "lateral-movement", + "collection", + "command-and-control", + "exfiltration", + "impact" + ], + "mobile-attack": [ + "initial-access", + "execution", + "persistence", + "privilege-escalation", + "defense-evasion", + "credential-access", + "discovery", + "lateral-movement", + "collection", + "command-and-control", + "exfiltration", + "impact", + "network-effects", + "remote-service-effects" + ], + "pre-attack": [ + "priority-definition-planning", + "priority-definition-direction", + "target-selection", + "technical-information-gathering", + "people-information-gathering", + "organizational-information-gathering", + "technical-weakness-identification", + "people-weakness-identification", + "organizational-weakness-identification", + "adversary-opsec", + "establish-&-maintain-infrastructure", + "persona-development", + "build-capabilities", + "test-capabilities", + "stage-capabilities", + "launch", # added manually + "compromise" # added manually + ] +} + + all_data = {} # variable that will contain everything # read in the non-MITRE data 
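Review bot: `kill_chain_order_sort_order` has no entry for the ICS domain, although `mitre_sources` just above it lists `mitre-ics-attack`. The sorting loop added in the last hunk of this file selects an ordering with `kill_chain_name.startswith(key)` and has no fallback, so a chain name matching none of the three keys would be dropped from `kill_chain_order` without any message; whether ICS objects actually reach that loop is not visible here. Either add an `"ics-attack"` list or make that loop fail loudly when no key matches. A short comment above the dict saying that its keys are matched as prefixes of `<domain>-<platform>` names would also help the next maintainer.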
@@ -90,6 +146,12 @@ for domain in domains: if item['type'] not in types.values(): continue + # skip deprecated and/or revoked + # if 'revoked' in item and item['revoked']: + # continue + # if 'x_mitre_deprecated' in item and item['x_mitre_deprecated']: + # continue + # print(json.dumps(item, indent=2, sort_keys=True, ensure_ascii=False)) try: # build the new data structure @@ -97,6 +159,7 @@ for domain in domains: uuid = re.search('--(.*)$', item['id']).group(0)[2:] # item exist already in the all_data set update = False + if uuid in all_data_uuid: value = all_data_uuid[uuid] 
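Review bot: The deprecated/revoked filter in the first hunk is added as commented-out code with no explanation, while a `# FIXME if 'x_mitre_deprecated' , 'revoked'` already sits further down the same loop. As it stands, revoked and deprecated objects presumably still receive the new per-platform kill-chain entries and therefore appear in each platform's matrix. Replace the dead block with a one-line comment stating why the filter is off, for example `# deprecated/revoked objects are kept so existing references still resolve` if that is the reason, or enable it behind a flag. The enclosing `for domain in domains:` loop starts outside the hunk.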
@@ -130,12 +193,28 @@ for domain in domains: if 'kill_chain_phases' in item: # many (but not all) attack-patterns have this value['meta']['kill_chain'] = [] for killchain in item['kill_chain_phases']: - value['meta']['kill_chain'].append(killchain['kill_chain_name'] + ':' + killchain['phase_name']) + kill_chain_name = killchain['kill_chain_name'][6:] + phase_name = killchain['phase_name'] + if 'x_mitre_platforms' in item: + for platform in item['x_mitre_platforms']: + platform = platform.replace(' ', '-') + value['meta']['kill_chain'].append(f"{kill_chain_name}-{platform}:{phase_name}") + else: + value['meta']['kill_chain'].append(f"{kill_chain_name}:{phase_name}") if 'x_mitre_data_sources' in item: value['meta']['mitre_data_sources'] = item['x_mitre_data_sources'] if 'x_mitre_platforms' in item: value['meta']['mitre_platforms'] = item['x_mitre_platforms'] # TODO add the other x_mitre elements dynamically + # x_mitre_fields = [key for key in item.keys() if key.startswith('x_mitre')] + # skip_x_mitre_fields = ['x_mitre_aliases', 'x_mitre_version', 'x_mitre_old_attack_id', 'mitre_attack_spec_version'] + # for skip_field in skip_x_mitre_fields: + # try: + # x_mitre_fields.remove(skip_field) + # except ValueError: + # pass + # for x_mitre_field in x_mitre_fields: + # value['meta'][x_mitre_field[2:]] = item[x_mitre_field] # relationships will be build separately afterwards value['type'] = item['type'] # remove this before dump to json @@ -144,7 +223,7 @@ for domain in domains: # FIXME if 'x_mitre_deprecated' , 'revoked' all_data_uuid[uuid] = value - except Exception as e: + except Exception: print(json.dumps(item, sort_keys=True, indent=2)) import traceback traceback.print_exc() 
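Review bot: The slice `killchain['kill_chain_name'][6:]` assumes every name starts with `mitre-`; a name without that prefix would silently lose its first six characters and yield a wrong kill-chain key in the published cluster. `kill_chain_name = killchain['kill_chain_name'].removeprefix('mitre-')` (Python 3.9+) states the intent and leaves other names intact. Separately, `if 'x_mitre_platforms' in item:` appends nothing when the list is present but empty, so such a technique ends up with an empty `kill_chain`; `if item.get('x_mitre_platforms'):` would fall back to the unscoped name instead. The enclosing loop and `try` start outside the hunk.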
@@ -208,6 +287,8 @@ for domain in domains: # dump all_data to their respective file for t, meta_t in types.items(): + kill_chain_order = {} + fname = os.path.join(misp_dir, 'clusters', 'mitre-{}.json'.format(t)) if not os.path.exists(fname): exit("File {} does not exist, this is unexpected.".format(fname)) @@ -222,6 +303,11 @@ for t, meta_t in types.items(): item_2 = item.copy() item_2.pop('type', None) file_data['values'].append(item_2) + for kill_chains in item['meta'].get('kill_chain', []): + kill_chain_name, kill_chain_phase = kill_chains.split(':') + if kill_chain_name not in kill_chain_order: + kill_chain_order[kill_chain_name] = set() + kill_chain_order[kill_chain_name].add(kill_chain_phase) # FIXME the sort algo needs to be further improved, potentially with a recursive deep sort file_data['values'] = sorted(file_data['values'], key=lambda x: sorted(x['value'])) 
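Review bot: In the second hunk, `kill_chain_name, kill_chain_phase = kill_chains.split(':')` raises ValueError as soon as a platform or phase name contains a colon, and the earlier hunk only normalises spaces in platform names. `kill_chains.split(':', 1)` keeps the unpack to two values whatever upstream supplies. The membership test and the two assignments can then collapse to `kill_chain_order.setdefault(kill_chain_name, set()).add(kill_chain_phase)`. The enclosing `for t, meta_t in types.items():` loop continues outside the hunk.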
@@ -238,4 +324,36 @@ for t, meta_t in types.items(): json.dump(file_data, f, indent=2, sort_keys=True, ensure_ascii=False) f.write('\n') # only needed for the beauty and to be compliant with jq_all_the_things + # rebuild the galaxies file with kill_chains + # OK, this is really inefficient, but just the easiest way to get it done now + fname_galaxy = os.path.join(misp_dir, 'galaxies', 'mitre-{}.json'.format(t)) + if not os.path.exists(fname_galaxy): + exit("File {} does not exist, this is unexpected.".format(fname_galaxy)) + with open(fname_galaxy) as f_galaxy: + file_data_galaxy = json.load(f_galaxy) + + # sort the kill chain order in the right way, using the kill_chain_order_sort_order + kill_chain_order_sorted = {} + for kill_chain_name, kill_chain_phases in kill_chain_order.items(): + for kill_chain_order_sort_order_key in kill_chain_order_sort_order.keys(): + if kill_chain_name.startswith(kill_chain_order_sort_order_key): + try: + kill_chain_order_sorted[kill_chain_name] = sorted( + list(kill_chain_phases), + key=kill_chain_order_sort_order[kill_chain_order_sort_order_key].index) + except ValueError as e: + print("ERROR:") + print(f"- Kill chain: {kill_chain_name}") + print(f"- Kill chain phases: {kill_chain_phases}") + print(f"- Kill chain order sort order: {kill_chain_order_sort_order[kill_chain_order_sort_order_key]}") + exit(f"ERROR: kill_chain_order_sort_order does not contain a key for {kill_chain_name} - {e}. Please add it manually in the code.") + + if kill_chain_order_sorted: + file_data_galaxy['kill_chain_order'] = dict(sorted(kill_chain_order_sorted.items())) + file_data_galaxy['version'] += 1 + with open(fname_galaxy, 'w') as f_galaxy: + json.dump(file_data_galaxy, f_galaxy, indent=2, sort_keys=True, ensure_ascii=False) + f_galaxy.write('\n') # only needed for the beauty and to be compliant with jq_all_the_things + + print("All done, please don't forget to ./jq_all_the_things.sh, commit, and then ./validate_all.sh.")
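Review bot: `file_data_galaxy['version'] += 1` runs on every invocation that finds at least one kill chain, so regenerating from unchanged upstream data still bumps the galaxy version and rewrites the file. Build the new mapping first and guard the bump and the write with `if file_data_galaxy.get('kill_chain_order') != new_order:`, so the version stays meaningful for consumers that sync on it. The `except ValueError` branch is reached when a phase is missing from the ordering list, yet its exit message says a key is missing for the kill chain; naming the missing phase would make the failure easier to act on. `sys.exit` is preferable to the site-provided `exit` in a script, provided `sys` is imported in the part of the file not shown here.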