mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-27 01:07:18 +00:00
196 lines
4.4 KiB
JSON
196 lines
4.4 KiB
JSON
{
|
|
"description": "ATT&CK Tactic",
|
|
"icon": "map",
|
|
"kill_chain_order": {
|
|
"attack-Azure-AD": [
|
|
"initial-access",
|
|
"execution",
|
|
"persistence",
|
|
"privilege-escalation",
|
|
"defense-evasion",
|
|
"credential-access",
|
|
"discovery",
|
|
"lateral-movement",
|
|
"impact"
|
|
],
|
|
"attack-Containers": [
|
|
"initial-access",
|
|
"execution",
|
|
"persistence",
|
|
"privilege-escalation",
|
|
"defense-evasion",
|
|
"credential-access",
|
|
"discovery",
|
|
"lateral-movement",
|
|
"impact"
|
|
],
|
|
"attack-Google-Workspace": [
|
|
"initial-access",
|
|
"execution",
|
|
"persistence",
|
|
"privilege-escalation",
|
|
"defense-evasion",
|
|
"credential-access",
|
|
"discovery",
|
|
"lateral-movement",
|
|
"collection",
|
|
"exfiltration",
|
|
"impact"
|
|
],
|
|
"attack-IaaS": [
|
|
"initial-access",
|
|
"execution",
|
|
"persistence",
|
|
"privilege-escalation",
|
|
"defense-evasion",
|
|
"credential-access",
|
|
"discovery",
|
|
"lateral-movement",
|
|
"collection",
|
|
"exfiltration",
|
|
"impact"
|
|
],
|
|
"attack-Linux": [
|
|
"initial-access",
|
|
"execution",
|
|
"persistence",
|
|
"privilege-escalation",
|
|
"defense-evasion",
|
|
"credential-access",
|
|
"discovery",
|
|
"lateral-movement",
|
|
"collection",
|
|
"command-and-control",
|
|
"exfiltration",
|
|
"impact"
|
|
],
|
|
"attack-Network": [
|
|
"initial-access",
|
|
"execution",
|
|
"persistence",
|
|
"privilege-escalation",
|
|
"defense-evasion",
|
|
"credential-access",
|
|
"discovery",
|
|
"lateral-movement",
|
|
"collection",
|
|
"command-and-control",
|
|
"exfiltration",
|
|
"impact"
|
|
],
|
|
"attack-Office-365": [
|
|
"initial-access",
|
|
"execution",
|
|
"persistence",
|
|
"privilege-escalation",
|
|
"defense-evasion",
|
|
"credential-access",
|
|
"discovery",
|
|
"lateral-movement",
|
|
"collection",
|
|
"exfiltration",
|
|
"impact"
|
|
],
|
|
"attack-PRE": [
|
|
"reconnaissance",
|
|
"resource-development"
|
|
],
|
|
"attack-SaaS": [
|
|
"initial-access",
|
|
"execution",
|
|
"persistence",
|
|
"privilege-escalation",
|
|
"defense-evasion",
|
|
"credential-access",
|
|
"discovery",
|
|
"lateral-movement",
|
|
"collection",
|
|
"exfiltration",
|
|
"impact"
|
|
],
|
|
"attack-Windows": [
|
|
"initial-access",
|
|
"execution",
|
|
"persistence",
|
|
"privilege-escalation",
|
|
"defense-evasion",
|
|
"credential-access",
|
|
"discovery",
|
|
"lateral-movement",
|
|
"collection",
|
|
"command-and-control",
|
|
"exfiltration",
|
|
"impact"
|
|
],
|
|
"attack-macOS": [
|
|
"initial-access",
|
|
"execution",
|
|
"persistence",
|
|
"privilege-escalation",
|
|
"defense-evasion",
|
|
"credential-access",
|
|
"discovery",
|
|
"lateral-movement",
|
|
"collection",
|
|
"command-and-control",
|
|
"exfiltration",
|
|
"impact"
|
|
],
|
|
"mobile-attack-Android": [
|
|
"initial-access",
|
|
"execution",
|
|
"persistence",
|
|
"privilege-escalation",
|
|
"defense-evasion",
|
|
"credential-access",
|
|
"discovery",
|
|
"lateral-movement",
|
|
"collection",
|
|
"command-and-control",
|
|
"exfiltration",
|
|
"impact",
|
|
"network-effects",
|
|
"remote-service-effects"
|
|
],
|
|
"mobile-attack-iOS": [
|
|
"initial-access",
|
|
"execution",
|
|
"persistence",
|
|
"privilege-escalation",
|
|
"defense-evasion",
|
|
"credential-access",
|
|
"discovery",
|
|
"lateral-movement",
|
|
"collection",
|
|
"command-and-control",
|
|
"exfiltration",
|
|
"impact",
|
|
"network-effects",
|
|
"remote-service-effects"
|
|
],
|
|
"pre-attack": [
|
|
"priority-definition-planning",
|
|
"priority-definition-direction",
|
|
"target-selection",
|
|
"technical-information-gathering",
|
|
"people-information-gathering",
|
|
"organizational-information-gathering",
|
|
"technical-weakness-identification",
|
|
"people-weakness-identification",
|
|
"organizational-weakness-identification",
|
|
"adversary-opsec",
|
|
"establish-&-maintain-infrastructure",
|
|
"persona-development",
|
|
"build-capabilities",
|
|
"test-capabilities",
|
|
"stage-capabilities",
|
|
"launch",
|
|
"compromise"
|
|
]
|
|
},
|
|
"name": "Attack Pattern",
|
|
"namespace": "mitre-attack",
|
|
"type": "mitre-attack-pattern",
|
|
"uuid": "c4e851fa-775f-11e7-8163-b774922098cd",
|
|
"version": 10
|
|
}
|