Enterprise Evaluation 2021

结果

ATT&CK 技术范围导航器

层文件 JSON

  1. {
  2. "name": "Wizard Spider and Sandworm",
  3. "versions": {
  4. "attack": "9",
  5. "navigator": "4.3",
  6. "layer": "4.2"
  7. },
  8. "domain": "enterprise-attack",
  9. "description": "",
  10. "filters": {
  11. "platforms": [
  12. "Linux",
  13. "Windows"
  14. ]
  15. },
  16. "sorting": 0,
  17. "layout": {
  18. "layout": "side",
  19. "aggregateFunction": "average",
  20. "showID": false,
  21. "showName": true,
  22. "showAggregateScores": false,
  23. "countUnscored": false
  24. },
  25. "hideDisabled": false,
  26. "techniques": [
  27. {
  28. "techniqueID": "T1136.002",
  29. "tactic": "persistence",
  30. "score": 1,
  31. "color": "",
  32. "comment": "",
  33. "enabled": true,
  34. "metadata": [],
  35. "showSubtechniques": false
  36. },
  37. {
  38. "techniqueID": "T1573.002",
  39. "tactic": "command-and-control",
  40. "score": 3,
  41. "color": "",
  42. "comment": "",
  43. "enabled": true,
  44. "metadata": [],
  45. "showSubtechniques": false
  46. },
  47. {
  48. "techniqueID": "T1133",
  49. "tactic": "persistence",
  50. "score": 3,
  51. "color": "",
  52. "comment": "",
  53. "enabled": true,
  54. "metadata": [],
  55. "showSubtechniques": false
  56. },
  57. {
  58. "techniqueID": "T1562.001",
  59. "tactic": "defense-evasion",
  60. "score": 3,
  61. "color": "",
  62. "comment": "",
  63. "enabled": true,
  64. "metadata": [],
  65. "showSubtechniques": false
  66. },
  67. {
  68. "techniqueID": "T1548",
  69. "tactic": "privilege-escalation",
  70. "score": 3,
  71. "color": "",
  72. "comment": "",
  73. "enabled": true,
  74. "metadata": [],
  75. "showSubtechniques": true
  76. },
  77. {
  78. "techniqueID": "T1548",
  79. "tactic": "defense-evasion",
  80. "score": 3,
  81. "color": "",
  82. "comment": "",
  83. "enabled": true,
  84. "metadata": [],
  85. "showSubtechniques": true
  86. },
  87. {
  88. "techniqueID": "T1548.001",
  89. "tactic": "privilege-escalation",
  90. "score": 1,
  91. "color": "",
  92. "comment": "",
  93. "enabled": true,
  94. "metadata": [],
  95. "showSubtechniques": false
  96. },
  97. {
  98. "techniqueID": "T1548.001",
  99. "tactic": "defense-evasion",
  100. "score": 1,
  101. "color": "",
  102. "comment": "",
  103. "enabled": true,
  104. "metadata": [],
  105. "showSubtechniques": false
  106. },
  107. {
  108. "techniqueID": "T1548.002",
  109. "tactic": "privilege-escalation",
  110. "score": 3,
  111. "color": "",
  112. "comment": "",
  113. "enabled": true,
  114. "metadata": [],
  115. "showSubtechniques": false
  116. },
  117. {
  118. "techniqueID": "T1548.002",
  119. "tactic": "defense-evasion",
  120. "score": 3,
  121. "color": "",
  122. "comment": "",
  123. "enabled": true,
  124. "metadata": [],
  125. "showSubtechniques": false
  126. },
  127. {
  128. "techniqueID": "T1134",
  129. "tactic": "defense-evasion",
  130. "score": 3,
  131. "color": "",
  132. "comment": "",
  133. "enabled": true,
  134. "metadata": [],
  135. "showSubtechniques": true
  136. },
  137. {
  138. "techniqueID": "T1134",
  139. "tactic": "privilege-escalation",
  140. "score": 3,
  141. "color": "",
  142. "comment": "",
  143. "enabled": true,
  144. "metadata": [],
  145. "showSubtechniques": true
  146. },
  147. {
  148. "techniqueID": "T1134.005",
  149. "tactic": "defense-evasion",
  150. "score": 1,
  151. "color": "",
  152. "comment": "",
  153. "enabled": true,
  154. "metadata": [],
  155. "showSubtechniques": false
  156. },
  157. {
  158. "techniqueID": "T1134.005",
  159. "tactic": "privilege-escalation",
  160. "score": 1,
  161. "color": "",
  162. "comment": "",
  163. "enabled": true,
  164. "metadata": [],
  165. "showSubtechniques": false
  166. },
  167. {
  168. "techniqueID": "T1087",
  169. "tactic": "discovery",
  170. "score": 3,
  171. "color": "",
  172. "comment": "",
  173. "enabled": true,
  174. "metadata": [],
  175. "showSubtechniques": true
  176. },
  177. {
  178. "techniqueID": "T1087.001",
  179. "tactic": "discovery",
  180. "score": 3,
  181. "color": "",
  182. "comment": "",
  183. "enabled": true,
  184. "metadata": [],
  185. "showSubtechniques": false
  186. },
  187. {
  188. "techniqueID": "T1087.002",
  189. "tactic": "discovery",
  190. "score": 3,
  191. "color": "",
  192. "comment": "",
  193. "enabled": true,
  194. "metadata": [],
  195. "showSubtechniques": false
  196. },
  197. {
  198. "techniqueID": "T1087.003",
  199. "tactic": "discovery",
  200. "score": 3,
  201. "color": "",
  202. "comment": "",
  203. "enabled": true,
  204. "metadata": [],
  205. "showSubtechniques": false
  206. },
  207. {
  208. "techniqueID": "T1098",
  209. "tactic": "persistence",
  210. "score": 1,
  211. "color": "",
  212. "comment": "",
  213. "enabled": true,
  214. "metadata": [],
  215. "showSubtechniques": true
  216. },
  217. {
  218. "techniqueID": "T1098.004",
  219. "tactic": "persistence",
  220. "score": 1,
  221. "color": "",
  222. "comment": "",
  223. "enabled": true,
  224. "metadata": [],
  225. "showSubtechniques": false
  226. },
  227. {
  228. "techniqueID": "T1071",
  229. "tactic": "command-and-control",
  230. "score": 3,
  231. "color": "",
  232. "comment": "",
  233. "enabled": true,
  234. "metadata": [],
  235. "showSubtechniques": true
  236. },
  237. {
  238. "techniqueID": "T1071.001",
  239. "tactic": "command-and-control",
  240. "score": 3,
  241. "color": "",
  242. "comment": "",
  243. "enabled": true,
  244. "metadata": [],
  245. "showSubtechniques": false
  246. },
  247. {
  248. "techniqueID": "T1560",
  249. "tactic": "collection",
  250. "score": 3,
  251. "color": "",
  252. "comment": "",
  253. "enabled": true,
  254. "metadata": [],
  255. "showSubtechniques": false
  256. },
  257. {
  258. "techniqueID": "T1547",
  259. "tactic": "persistence",
  260. "score": 3,
  261. "color": "",
  262. "comment": "",
  263. "enabled": true,
  264. "metadata": [],
  265. "showSubtechniques": true
  266. },
  267. {
  268. "techniqueID": "T1547",
  269. "tactic": "privilege-escalation",
  270. "score": 3,
  271. "color": "",
  272. "comment": "",
  273. "enabled": true,
  274. "metadata": [],
  275. "showSubtechniques": true
  276. },
  277. {
  278. "techniqueID": "T1547.001",
  279. "tactic": "persistence",
  280. "score": 3,
  281. "color": "",
  282. "comment": "",
  283. "enabled": true,
  284. "metadata": [],
  285. "showSubtechniques": false
  286. },
  287. {
  288. "techniqueID": "T1547.001",
  289. "tactic": "privilege-escalation",
  290. "score": 3,
  291. "color": "",
  292. "comment": "",
  293. "enabled": true,
  294. "metadata": [],
  295. "showSubtechniques": false
  296. },
  297. {
  298. "techniqueID": "T1547.005",
  299. "tactic": "persistence",
  300. "score": 3,
  301. "color": "",
  302. "comment": "",
  303. "enabled": true,
  304. "metadata": [],
  305. "showSubtechniques": false
  306. },
  307. {
  308. "techniqueID": "T1547.005",
  309. "tactic": "privilege-escalation",
  310. "score": 3,
  311. "color": "",
  312. "comment": "",
  313. "enabled": true,
  314. "metadata": [],
  315. "showSubtechniques": false
  316. },
  317. {
  318. "techniqueID": "T1547.006",
  319. "tactic": "persistence",
  320. "score": 1,
  321. "color": "",
  322. "comment": "",
  323. "enabled": true,
  324. "metadata": [],
  325. "showSubtechniques": false
  326. },
  327. {
  328. "techniqueID": "T1547.006",
  329. "tactic": "privilege-escalation",
  330. "score": 1,
  331. "color": "",
  332. "comment": "",
  333. "enabled": true,
  334. "metadata": [],
  335. "showSubtechniques": false
  336. },
  337. {
  338. "techniqueID": "T1547.009",
  339. "tactic": "persistence",
  340. "score": 1,
  341. "color": "",
  342. "comment": "",
  343. "enabled": true,
  344. "metadata": [],
  345. "showSubtechniques": false
  346. },
  347. {
  348. "techniqueID": "T1547.009",
  349. "tactic": "privilege-escalation",
  350. "score": 1,
  351. "color": "",
  352. "comment": "",
  353. "enabled": true,
  354. "metadata": [],
  355. "showSubtechniques": false
  356. },
  357. {
  358. "techniqueID": "T1037",
  359. "tactic": "persistence",
  360. "score": 1,
  361. "color": "",
  362. "comment": "",
  363. "enabled": true,
  364. "metadata": [],
  365. "showSubtechniques": true
  366. },
  367. {
  368. "techniqueID": "T1037",
  369. "tactic": "privilege-escalation",
  370. "score": 1,
  371. "color": "",
  372. "comment": "",
  373. "enabled": true,
  374. "metadata": [],
  375. "showSubtechniques": true
  376. },
  377. {
  378. "techniqueID": "T1037.004",
  379. "tactic": "persistence",
  380. "score": 1,
  381. "color": "",
  382. "comment": "",
  383. "enabled": true,
  384. "metadata": [],
  385. "showSubtechniques": false
  386. },
  387. {
  388. "techniqueID": "T1037.004",
  389. "tactic": "privilege-escalation",
  390. "score": 1,
  391. "color": "",
  392. "comment": "",
  393. "enabled": true,
  394. "metadata": [],
  395. "showSubtechniques": false
  396. },
  397. {
  398. "techniqueID": "T1059",
  399. "tactic": "execution",
  400. "score": 3,
  401. "color": "",
  402. "comment": "",
  403. "enabled": true,
  404. "metadata": [],
  405. "showSubtechniques": true
  406. },
  407. {
  408. "techniqueID": "T1059.001",
  409. "tactic": "execution",
  410. "score": 3,
  411. "color": "",
  412. "comment": "",
  413. "enabled": true,
  414. "metadata": [],
  415. "showSubtechniques": false
  416. },
  417. {
  418. "techniqueID": "T1059.003",
  419. "tactic": "execution",
  420. "score": 3,
  421. "color": "",
  422. "comment": "",
  423. "enabled": true,
  424. "metadata": [],
  425. "showSubtechniques": false
  426. },
  427. {
  428. "techniqueID": "T1059.004",
  429. "tactic": "execution",
  430. "score": 1,
  431. "color": "",
  432. "comment": "",
  433. "enabled": true,
  434. "metadata": [],
  435. "showSubtechniques": false
  436. },
  437. {
  438. "techniqueID": "T1059.005",
  439. "tactic": "execution",
  440. "score": 3,
  441. "color": "",
  442. "comment": "",
  443. "enabled": true,
  444. "metadata": [],
  445. "showSubtechniques": false
  446. },
  447. {
  448. "techniqueID": "T1059.006",
  449. "tactic": "execution",
  450. "score": 1,
  451. "color": "",
  452. "comment": "",
  453. "enabled": true,
  454. "metadata": [],
  455. "showSubtechniques": false
  456. },
  457. {
  458. "techniqueID": "T1554",
  459. "tactic": "persistence",
  460. "score": 1,
  461. "color": "",
  462. "comment": "",
  463. "enabled": true,
  464. "metadata": [],
  465. "showSubtechniques": false
  466. },
  467. {
  468. "techniqueID": "T1136",
  469. "tactic": "persistence",
  470. "score": 1,
  471. "color": "",
  472. "comment": "",
  473. "enabled": true,
  474. "metadata": [],
  475. "showSubtechniques": true
  476. },
  477. {
  478. "techniqueID": "T1136.001",
  479. "tactic": "persistence",
  480. "score": 1,
  481. "color": "",
  482. "comment": "",
  483. "enabled": true,
  484. "metadata": [],
  485. "showSubtechniques": false
  486. },
  487. {
  488. "techniqueID": "T1543",
  489. "tactic": "persistence",
  490. "score": 3,
  491. "color": "",
  492. "comment": "",
  493. "enabled": true,
  494. "metadata": [],
  495. "showSubtechniques": true
  496. },
  497. {
  498. "techniqueID": "T1543",
  499. "tactic": "privilege-escalation",
  500. "score": 3,
  501. "color": "",
  502. "comment": "",
  503. "enabled": true,
  504. "metadata": [],
  505. "showSubtechniques": true
  506. },
  507. {
  508. "techniqueID": "T1543.002",
  509. "tactic": "persistence",
  510. "score": 1,
  511. "color": "",
  512. "comment": "",
  513. "enabled": true,
  514. "metadata": [],
  515. "showSubtechniques": false
  516. },
  517. {
  518. "techniqueID": "T1543.002",
  519. "tactic": "privilege-escalation",
  520. "score": 1,
  521. "color": "",
  522. "comment": "",
  523. "enabled": true,
  524. "metadata": [],
  525. "showSubtechniques": false
  526. },
  527. {
  528. "techniqueID": "T1543.003",
  529. "tactic": "persistence",
  530. "score": 3,
  531. "color": "",
  532. "comment": "",
  533. "enabled": true,
  534. "metadata": [],
  535. "showSubtechniques": false
  536. },
  537. {
  538. "techniqueID": "T1543.003",
  539. "tactic": "privilege-escalation",
  540. "score": 3,
  541. "color": "",
  542. "comment": "",
  543. "enabled": true,
  544. "metadata": [],
  545. "showSubtechniques": false
  546. },
  547. {
  548. "techniqueID": "T1555",
  549. "tactic": "credential-access",
  550. "score": 3,
  551. "color": "",
  552. "comment": "",
  553. "enabled": true,
  554. "metadata": [],
  555. "showSubtechniques": true
  556. },
  557. {
  558. "techniqueID": "T1555.003",
  559. "tactic": "credential-access",
  560. "score": 3,
  561. "color": "",
  562. "comment": "",
  563. "enabled": true,
  564. "metadata": [],
  565. "showSubtechniques": false
  566. },
  567. {
  568. "techniqueID": "T1555.004",
  569. "tactic": "credential-access",
  570. "score": 3,
  571. "color": "",
  572. "comment": "",
  573. "enabled": true,
  574. "metadata": [],
  575. "showSubtechniques": false
  576. },
  577. {
  578. "techniqueID": "T1485",
  579. "tactic": "impact",
  580. "score": 1,
  581. "color": "",
  582. "comment": "",
  583. "enabled": true,
  584. "metadata": [],
  585. "showSubtechniques": false
  586. },
  587. {
  588. "techniqueID": "T1132",
  589. "tactic": "command-and-control",
  590. "score": 3,
  591. "color": "",
  592. "comment": "",
  593. "enabled": true,
  594. "metadata": [],
  595. "showSubtechniques": true
  596. },
  597. {
  598. "techniqueID": "T1132.001",
  599. "tactic": "command-and-control",
  600. "score": 3,
  601. "color": "",
  602. "comment": "",
  603. "enabled": true,
  604. "metadata": [],
  605. "showSubtechniques": false
  606. },
  607. {
  608. "techniqueID": "T1486",
  609. "tactic": "impact",
  610. "score": 3,
  611. "color": "",
  612. "comment": "",
  613. "enabled": true,
  614. "metadata": [],
  615. "showSubtechniques": false
  616. },
  617. {
  618. "techniqueID": "T1074",
  619. "tactic": "collection",
  620. "score": 3,
  621. "color": "",
  622. "comment": "",
  623. "enabled": true,
  624. "metadata": [],
  625. "showSubtechniques": true
  626. },
  627. {
  628. "techniqueID": "T1074.001",
  629. "tactic": "collection",
  630. "score": 1,
  631. "color": "",
  632. "comment": "",
  633. "enabled": true,
  634. "metadata": [],
  635. "showSubtechniques": false
  636. },
  637. {
  638. "techniqueID": "T1005",
  639. "tactic": "collection",
  640. "score": 3,
  641. "color": "",
  642. "comment": "",
  643. "enabled": true,
  644. "metadata": [],
  645. "showSubtechniques": false
  646. },
  647. {
  648. "techniqueID": "T1140",
  649. "tactic": "defense-evasion",
  650. "score": 3,
  651. "color": "",
  652. "comment": "",
  653. "enabled": true,
  654. "metadata": [],
  655. "showSubtechniques": false
  656. },
  657. {
  658. "techniqueID": "T1561",
  659. "tactic": "impact",
  660. "score": 1,
  661. "color": "",
  662. "comment": "",
  663. "enabled": true,
  664. "metadata": [],
  665. "showSubtechniques": true
  666. },
  667. {
  668. "techniqueID": "T1484",
  669. "tactic": "defense-evasion",
  670. "score": 1,
  671. "color": "",
  672. "comment": "",
  673. "enabled": true,
  674. "metadata": [],
  675. "showSubtechniques": true
  676. },
  677. {
  678. "techniqueID": "T1484",
  679. "tactic": "privilege-escalation",
  680. "score": 1,
  681. "color": "",
  682. "comment": "",
  683. "enabled": true,
  684. "metadata": [],
  685. "showSubtechniques": true
  686. },
  687. {
  688. "techniqueID": "T1484.001",
  689. "tactic": "defense-evasion",
  690. "score": 1,
  691. "color": "",
  692. "comment": "",
  693. "enabled": true,
  694. "metadata": [],
  695. "showSubtechniques": false
  696. },
  697. {
  698. "techniqueID": "T1484.001",
  699. "tactic": "privilege-escalation",
  700. "score": 1,
  701. "color": "",
  702. "comment": "",
  703. "enabled": true,
  704. "metadata": [],
  705. "showSubtechniques": false
  706. },
  707. {
  708. "techniqueID": "T1114",
  709. "tactic": "collection",
  710. "score": 2,
  711. "color": "",
  712. "comment": "",
  713. "enabled": true,
  714. "metadata": [],
  715. "showSubtechniques": true
  716. },
  717. {
  718. "techniqueID": "T1573",
  719. "tactic": "command-and-control",
  720. "score": 3,
  721. "color": "",
  722. "comment": "",
  723. "enabled": true,
  724. "metadata": [],
  725. "showSubtechniques": true
  726. },
  727. {
  728. "techniqueID": "T1499",
  729. "tactic": "impact",
  730. "score": 1,
  731. "color": "",
  732. "comment": "",
  733. "enabled": true,
  734. "metadata": [],
  735. "showSubtechniques": false
  736. },
  737. {
  738. "techniqueID": "T1041",
  739. "tactic": "exfiltration",
  740. "score": 3,
  741. "color": "",
  742. "comment": "",
  743. "enabled": true,
  744. "metadata": [],
  745. "showSubtechniques": false
  746. },
  747. {
  748. "techniqueID": "T1008",
  749. "tactic": "command-and-control",
  750. "score": 3,
  751. "color": "",
  752. "comment": "",
  753. "enabled": true,
  754. "metadata": [],
  755. "showSubtechniques": false
  756. },
  757. {
  758. "techniqueID": "T1083",
  759. "tactic": "discovery",
  760. "score": 3,
  761. "color": "",
  762. "comment": "",
  763. "enabled": true,
  764. "metadata": [],
  765. "showSubtechniques": false
  766. },
  767. {
  768. "techniqueID": "T1574",
  769. "tactic": "persistence",
  770. "score": 3,
  771. "color": "",
  772. "comment": "",
  773. "enabled": true,
  774. "metadata": [],
  775. "showSubtechniques": true
  776. },
  777. {
  778. "techniqueID": "T1574",
  779. "tactic": "privilege-escalation",
  780. "score": 3,
  781. "color": "",
  782. "comment": "",
  783. "enabled": true,
  784. "metadata": [],
  785. "showSubtechniques": true
  786. },
  787. {
  788. "techniqueID": "T1574",
  789. "tactic": "defense-evasion",
  790. "score": 3,
  791. "color": "",
  792. "comment": "",
  793. "enabled": true,
  794. "metadata": [],
  795. "showSubtechniques": true
  796. },
  797. {
  798. "techniqueID": "T1574.010",
  799. "tactic": "persistence",
  800. "score": 1,
  801. "color": "",
  802. "comment": "",
  803. "enabled": true,
  804. "metadata": [],
  805. "showSubtechniques": false
  806. },
  807. {
  808. "techniqueID": "T1574.010",
  809. "tactic": "privilege-escalation",
  810. "score": 1,
  811. "color": "",
  812. "comment": "",
  813. "enabled": true,
  814. "metadata": [],
  815. "showSubtechniques": false
  816. },
  817. {
  818. "techniqueID": "T1574.010",
  819. "tactic": "defense-evasion",
  820. "score": 1,
  821. "color": "",
  822. "comment": "",
  823. "enabled": true,
  824. "metadata": [],
  825. "showSubtechniques": false
  826. },
  827. {
  828. "techniqueID": "T1562",
  829. "tactic": "defense-evasion",
  830. "score": 3,
  831. "color": "",
  832. "comment": "",
  833. "enabled": true,
  834. "metadata": [],
  835. "showSubtechniques": true
  836. },
  837. {
  838. "techniqueID": "T1070",
  839. "tactic": "defense-evasion",
  840. "score": 3,
  841. "color": "",
  842. "comment": "",
  843. "enabled": true,
  844. "metadata": [],
  845. "showSubtechniques": true
  846. },
  847. {
  848. "techniqueID": "T1070.001",
  849. "tactic": "defense-evasion",
  850. "score": 1,
  851. "color": "",
  852. "comment": "",
  853. "enabled": true,
  854. "metadata": [],
  855. "showSubtechniques": false
  856. },
  857. {
  858. "techniqueID": "T1070.002",
  859. "tactic": "defense-evasion",
  860. "score": 1,
  861. "color": "",
  862. "comment": "",
  863. "enabled": true,
  864. "metadata": [],
  865. "showSubtechniques": false
  866. },
  867. {
  868. "techniqueID": "T1070.004",
  869. "tactic": "defense-evasion",
  870. "score": 3,
  871. "color": "",
  872. "comment": "",
  873. "enabled": true,
  874. "metadata": [],
  875. "showSubtechniques": false
  876. },
  877. {
  878. "techniqueID": "T1105",
  879. "tactic": "command-and-control",
  880. "score": 3,
  881. "color": "",
  882. "comment": "",
  883. "enabled": true,
  884. "metadata": [],
  885. "showSubtechniques": false
  886. },
  887. {
  888. "techniqueID": "T1490",
  889. "tactic": "impact",
  890. "score": 3,
  891. "color": "",
  892. "comment": "",
  893. "enabled": true,
  894. "metadata": [],
  895. "showSubtechniques": false
  896. },
  897. {
  898. "techniqueID": "T1056",
  899. "tactic": "collection",
  900. "score": 3,
  901. "color": "",
  902. "comment": "",
  903. "enabled": true,
  904. "metadata": [],
  905. "showSubtechniques": true
  906. },
  907. {
  908. "techniqueID": "T1056",
  909. "tactic": "credential-access",
  910. "score": 3,
  911. "color": "",
  912. "comment": "",
  913. "enabled": true,
  914. "metadata": [],
  915. "showSubtechniques": true
  916. },
  917. {
  918. "techniqueID": "T1056.001",
  919. "tactic": "collection",
  920. "score": 3,
  921. "color": "",
  922. "comment": "",
  923. "enabled": true,
  924. "metadata": [],
  925. "showSubtechniques": false
  926. },
  927. {
  928. "techniqueID": "T1056.001",
  929. "tactic": "credential-access",
  930. "score": 3,
  931. "color": "",
  932. "comment": "",
  933. "enabled": true,
  934. "metadata": [],
  935. "showSubtechniques": false
  936. },
  937. {
  938. "techniqueID": "T1570",
  939. "tactic": "lateral-movement",
  940. "score": 3,
  941. "color": "",
  942. "comment": "",
  943. "enabled": true,
  944. "metadata": [],
  945. "showSubtechniques": false
  946. },
  947. {
  948. "techniqueID": "T1557",
  949. "tactic": "collection",
  950. "score": 2,
  951. "color": "",
  952. "comment": "",
  953. "enabled": true,
  954. "metadata": [],
  955. "showSubtechniques": true
  956. },
  957. {
  958. "techniqueID": "T1036",
  959. "tactic": "defense-evasion",
  960. "score": 3,
  961. "color": "",
  962. "comment": "",
  963. "enabled": true,
  964. "metadata": [],
  965. "showSubtechniques": true
  966. },
  967. {
  968. "techniqueID": "T1036.004",
  969. "tactic": "defense-evasion",
  970. "score": 3,
  971. "color": "",
  972. "comment": "",
  973. "enabled": true,
  974. "metadata": [],
  975. "showSubtechniques": false
  976. },
  977. {
  978. "techniqueID": "T1036.005",
  979. "tactic": "defense-evasion",
  980. "score": 3,
  981. "color": "",
  982. "comment": "",
  983. "enabled": true,
  984. "metadata": [],
  985. "showSubtechniques": false
  986. },
  987. {
  988. "techniqueID": "T1112",
  989. "tactic": "defense-evasion",
  990. "score": 3,
  991. "color": "",
  992. "comment": "",
  993. "enabled": true,
  994. "metadata": [],
  995. "showSubtechniques": false
  996. },
  997. {
  998. "techniqueID": "T1106",
  999. "tactic": "execution",
  1000. "score": 3,
  1001. "color": "",
  1002. "comment": "",
  1003. "enabled": true,
  1004. "metadata": [],
  1005. "showSubtechniques": false
  1006. },
  1007. {
  1008. "techniqueID": "T1046",
  1009. "tactic": "discovery",
  1010. "score": 1,
  1011. "color": "",
  1012. "comment": "",
  1013. "enabled": true,
  1014. "metadata": [],
  1015. "showSubtechniques": false
  1016. },
  1017. {
  1018. "techniqueID": "T1135",
  1019. "tactic": "discovery",
  1020. "score": 3,
  1021. "color": "",
  1022. "comment": "",
  1023. "enabled": true,
  1024. "metadata": [],
  1025. "showSubtechniques": false
  1026. },
  1027. {
  1028. "techniqueID": "T1040",
  1029. "tactic": "credential-access",
  1030. "score": 3,
  1031. "color": "",
  1032. "comment": "",
  1033. "enabled": true,
  1034. "metadata": [],
  1035. "showSubtechniques": false
  1036. },
  1037. {
  1038. "techniqueID": "T1040",
  1039. "tactic": "discovery",
  1040. "score": 3,
  1041. "color": "",
  1042. "comment": "",
  1043. "enabled": true,
  1044. "metadata": [],
  1045. "showSubtechniques": false
  1046. },
  1047. {
  1048. "techniqueID": "T1571",
  1049. "tactic": "command-and-control",
  1050. "score": 3,
  1051. "color": "",
  1052. "comment": "",
  1053. "enabled": true,
  1054. "metadata": [],
  1055. "showSubtechniques": false
  1056. },
  1057. {
  1058. "techniqueID": "T1003",
  1059. "tactic": "credential-access",
  1060. "score": 3,
  1061. "color": "",
  1062. "comment": "",
  1063. "enabled": true,
  1064. "metadata": [],
  1065. "showSubtechniques": true
  1066. },
  1067. {
  1068. "techniqueID": "T1003.001",
  1069. "tactic": "credential-access",
  1070. "score": 3,
  1071. "color": "",
  1072. "comment": "",
  1073. "enabled": true,
  1074. "metadata": [],
  1075. "showSubtechniques": false
  1076. },
  1077. {
  1078. "techniqueID": "T1003.002",
  1079. "tactic": "credential-access",
  1080. "score": 3,
  1081. "color": "",
  1082. "comment": "",
  1083. "enabled": true,
  1084. "metadata": [],
  1085. "showSubtechniques": false
  1086. },
  1087. {
  1088. "techniqueID": "T1003.008",
  1089. "tactic": "credential-access",
  1090. "score": 1,
  1091. "color": "",
  1092. "comment": "",
  1093. "enabled": true,
  1094. "metadata": [],
  1095. "showSubtechniques": false
  1096. },
  1097. {
  1098. "techniqueID": "T1003.004",
  1099. "tactic": "credential-access",
  1100. "score": 1,
  1101. "color": "",
  1102. "comment": "",
  1103. "enabled": true,
  1104. "metadata": [],
  1105. "showSubtechniques": false
  1106. },
  1107. {
  1108. "techniqueID": "T1027",
  1109. "tactic": "defense-evasion",
  1110. "score": 3,
  1111. "color": "",
  1112. "comment": "",
  1113. "enabled": true,
  1114. "metadata": [],
  1115. "showSubtechniques": true
  1116. },
  1117. {
  1118. "techniqueID": "T1120",
  1119. "tactic": "discovery",
  1120. "score": 1,
  1121. "color": "",
  1122. "comment": "",
  1123. "enabled": true,
  1124. "metadata": [],
  1125. "showSubtechniques": false
  1126. },
  1127. {
  1128. "techniqueID": "T1057",
  1129. "tactic": "discovery",
  1130. "score": 3,
  1131. "color": "",
  1132. "comment": "",
  1133. "enabled": true,
  1134. "metadata": [],
  1135. "showSubtechniques": false
  1136. },
  1137. {
  1138. "techniqueID": "T1055",
  1139. "tactic": "defense-evasion",
  1140. "score": 3,
  1141. "color": "",
  1142. "comment": "",
  1143. "enabled": true,
  1144. "metadata": [],
  1145. "showSubtechniques": true
  1146. },
  1147. {
  1148. "techniqueID": "T1055",
  1149. "tactic": "privilege-escalation",
  1150. "score": 3,
  1151. "color": "",
  1152. "comment": "",
  1153. "enabled": true,
  1154. "metadata": [],
  1155. "showSubtechniques": true
  1156. },
  1157. {
  1158. "techniqueID": "T1055.001",
  1159. "tactic": "defense-evasion",
  1160. "score": 3,
  1161. "color": "",
  1162. "comment": "",
  1163. "enabled": true,
  1164. "metadata": [],
  1165. "showSubtechniques": false
  1166. },
  1167. {
  1168. "techniqueID": "T1055.001",
  1169. "tactic": "privilege-escalation",
  1170. "score": 3,
  1171. "color": "",
  1172. "comment": "",
  1173. "enabled": true,
  1174. "metadata": [],
  1175. "showSubtechniques": false
  1176. },
  1177. {
  1178. "techniqueID": "T1572",
  1179. "tactic": "command-and-control",
  1180. "score": 1,
  1181. "color": "",
  1182. "comment": "",
  1183. "enabled": true,
  1184. "metadata": [],
  1185. "showSubtechniques": false
  1186. },
  1187. {
  1188. "techniqueID": "T1090",
  1189. "tactic": "command-and-control",
  1190. "score": 1,
  1191. "color": "",
  1192. "comment": "",
  1193. "enabled": true,
  1194. "metadata": [],
  1195. "showSubtechniques": false
  1196. },
  1197. {
  1198. "techniqueID": "T1219",
  1199. "tactic": "command-and-control",
  1200. "score": 3,
  1201. "color": "",
  1202. "comment": "",
  1203. "enabled": true,
  1204. "metadata": [],
  1205. "showSubtechniques": false
  1206. },
  1207. {
  1208. "techniqueID": "T1021",
  1209. "tactic": "lateral-movement",
  1210. "score": 3,
  1211. "color": "",
  1212. "comment": "",
  1213. "enabled": true,
  1214. "metadata": [],
  1215. "showSubtechniques": true
  1216. },
  1217. {
  1218. "techniqueID": "T1021.002",
  1219. "tactic": "lateral-movement",
  1220. "score": 3,
  1221. "color": "",
  1222. "comment": "",
  1223. "enabled": true,
  1224. "metadata": [],
  1225. "showSubtechniques": false
  1226. },
  1227. {
  1228. "techniqueID": "T1021.004",
  1229. "tactic": "lateral-movement",
  1230. "score": 1,
  1231. "color": "",
  1232. "comment": "",
  1233. "enabled": true,
  1234. "metadata": [],
  1235. "showSubtechniques": false
  1236. },
  1237. {
  1238. "techniqueID": "T1021.006",
  1239. "tactic": "lateral-movement",
  1240. "score": 3,
  1241. "color": "",
  1242. "comment": "",
  1243. "enabled": true,
  1244. "metadata": [],
  1245. "showSubtechniques": false
  1246. },
  1247. {
  1248. "techniqueID": "T1018",
  1249. "tactic": "discovery",
  1250. "score": 3,
  1251. "color": "",
  1252. "comment": "",
  1253. "enabled": true,
  1254. "metadata": [],
  1255. "showSubtechniques": false
  1256. },
  1257. {
  1258. "techniqueID": "T1053",
  1259. "tactic": "execution",
  1260. "score": 3,
  1261. "color": "",
  1262. "comment": "",
  1263. "enabled": true,
  1264. "metadata": [],
  1265. "showSubtechniques": true
  1266. },
  1267. {
  1268. "techniqueID": "T1053",
  1269. "tactic": "persistence",
  1270. "score": 3,
  1271. "color": "",
  1272. "comment": "",
  1273. "enabled": true,
  1274. "metadata": [],
  1275. "showSubtechniques": true
  1276. },
  1277. {
  1278. "techniqueID": "T1053",
  1279. "tactic": "privilege-escalation",
  1280. "score": 3,
  1281. "color": "",
  1282. "comment": "",
  1283. "enabled": true,
  1284. "metadata": [],
  1285. "showSubtechniques": true
  1286. },
  1287. {
  1288. "techniqueID": "T1053.005",
  1289. "tactic": "execution",
  1290. "score": 3,
  1291. "color": "",
  1292. "comment": "",
  1293. "enabled": true,
  1294. "metadata": [],
  1295. "showSubtechniques": false
  1296. },
  1297. {
  1298. "techniqueID": "T1053.005",
  1299. "tactic": "persistence",
  1300. "score": 3,
  1301. "color": "",
  1302. "comment": "",
  1303. "enabled": true,
  1304. "metadata": [],
  1305. "showSubtechniques": false
  1306. },
  1307. {
  1308. "techniqueID": "T1053.005",
  1309. "tactic": "privilege-escalation",
  1310. "score": 3,
  1311. "color": "",
  1312. "comment": "",
  1313. "enabled": true,
  1314. "metadata": [],
  1315. "showSubtechniques": false
  1316. },
  1317. {
  1318. "techniqueID": "T1053.004",
  1319. "tactic": "execution",
  1320. "score": 1,
  1321. "color": "",
  1322. "comment": "",
  1323. "enabled": true,
  1324. "metadata": [],
  1325. "showSubtechniques": false
  1326. },
  1327. {
  1328. "techniqueID": "T1053.004",
  1329. "tactic": "persistence",
  1330. "score": 1,
  1331. "color": "",
  1332. "comment": "",
  1333. "enabled": true,
  1334. "metadata": [],
  1335. "showSubtechniques": false
  1336. },
  1337. {
  1338. "techniqueID": "T1053.004",
  1339. "tactic": "privilege-escalation",
  1340. "score": 1,
  1341. "color": "",
  1342. "comment": "",
  1343. "enabled": true,
  1344. "metadata": [],
  1345. "showSubtechniques": false
  1346. },
  1347. {
  1348. "techniqueID": "T1053.003",
  1349. "tactic": "execution",
  1350. "score": 1,
  1351. "color": "",
  1352. "comment": "",
  1353. "enabled": true,
  1354. "metadata": [],
  1355. "showSubtechniques": false
  1356. },
  1357. {
  1358. "techniqueID": "T1053.003",
  1359. "tactic": "persistence",
  1360. "score": 1,
  1361. "color": "",
  1362. "comment": "",
  1363. "enabled": true,
  1364. "metadata": [],
  1365. "showSubtechniques": false
  1366. },
  1367. {
  1368. "techniqueID": "T1053.003",
  1369. "tactic": "privilege-escalation",
  1370. "score": 1,
  1371. "color": "",
  1372. "comment": "",
  1373. "enabled": true,
  1374. "metadata": [],
  1375. "showSubtechniques": false
  1376. },
  1377. {
  1378. "techniqueID": "T1113",
  1379. "tactic": "collection",
  1380. "score": 3,
  1381. "color": "",
  1382. "comment": "",
  1383. "enabled": true,
  1384. "metadata": [],
  1385. "showSubtechniques": false
  1386. },
  1387. {
  1388. "techniqueID": "T1505.003",
  1389. "tactic": "persistence",
  1390. "score": 1,
  1391. "color": "",
  1392. "comment": "",
  1393. "enabled": true,
  1394. "metadata": [],
  1395. "showSubtechniques": false
  1396. },
  1397. {
  1398. "techniqueID": "T1489",
  1399. "tactic": "impact",
  1400. "score": 3,
  1401. "color": "",
  1402. "comment": "",
  1403. "enabled": true,
  1404. "metadata": [],
  1405. "showSubtechniques": false
  1406. },
  1407. {
  1408. "techniqueID": "T1218",
  1409. "tactic": "defense-evasion",
  1410. "score": 3,
  1411. "color": "",
  1412. "comment": "",
  1413. "enabled": true,
  1414. "metadata": [],
  1415. "showSubtechniques": true
  1416. },
  1417. {
  1418. "techniqueID": "T1218.011",
  1419. "tactic": "defense-evasion",
  1420. "score": 3,
  1421. "color": "",
  1422. "comment": "",
  1423. "enabled": true,
  1424. "metadata": [],
  1425. "showSubtechniques": false
  1426. },
  1427. {
  1428. "techniqueID": "T1072",
  1429. "tactic": "execution",
  1430. "score": 1,
  1431. "color": "",
  1432. "comment": "",
  1433. "enabled": true,
  1434. "metadata": [],
  1435. "showSubtechniques": false
  1436. },
  1437. {
  1438. "techniqueID": "T1072",
  1439. "tactic": "lateral-movement",
  1440. "score": 1,
  1441. "color": "",
  1442. "comment": "",
  1443. "enabled": true,
  1444. "metadata": [],
  1445. "showSubtechniques": false
  1446. },
  1447. {
  1448. "techniqueID": "T1518",
  1449. "tactic": "discovery",
  1450. "score": 3,
  1451. "color": "",
  1452. "comment": "",
  1453. "enabled": true,
  1454. "metadata": [],
  1455. "showSubtechniques": true
  1456. },
  1457. {
  1458. "techniqueID": "T1518.001",
  1459. "tactic": "discovery",
  1460. "score": 3,
  1461. "color": "",
  1462. "comment": "",
  1463. "enabled": true,
  1464. "metadata": [],
  1465. "showSubtechniques": false
  1466. },
  1467. {
  1468. "techniqueID": "T1558",
  1469. "tactic": "credential-access",
  1470. "score": 3,
  1471. "color": "",
  1472. "comment": "",
  1473. "enabled": true,
  1474. "metadata": [],
  1475. "showSubtechniques": true
  1476. },
  1477. {
  1478. "techniqueID": "T1553",
  1479. "tactic": "defense-evasion",
  1480. "score": 3,
  1481. "color": "",
  1482. "comment": "",
  1483. "enabled": true,
  1484. "metadata": [],
  1485. "showSubtechniques": true
  1486. },
  1487. {
  1488. "techniqueID": "T1553.006",
  1489. "tactic": "defense-evasion",
  1490. "score": 1,
  1491. "color": "",
  1492. "comment": "",
  1493. "enabled": true,
  1494. "metadata": [],
  1495. "showSubtechniques": false
  1496. },
  1497. {
  1498. "techniqueID": "T1082",
  1499. "tactic": "discovery",
  1500. "score": 3,
  1501. "color": "",
  1502. "comment": "",
  1503. "enabled": true,
  1504. "metadata": [],
  1505. "showSubtechniques": false
  1506. },
  1507. {
  1508. "techniqueID": "T1016",
  1509. "tactic": "discovery",
  1510. "score": 3,
  1511. "color": "",
  1512. "comment": "",
  1513. "enabled": true,
  1514. "metadata": [],
  1515. "showSubtechniques": false
  1516. },
  1517. {
  1518. "techniqueID": "T1049",
  1519. "tactic": "discovery",
  1520. "score": 3,
  1521. "color": "",
  1522. "comment": "",
  1523. "enabled": true,
  1524. "metadata": [],
  1525. "showSubtechniques": false
  1526. },
  1527. {
  1528. "techniqueID": "T1033",
  1529. "tactic": "discovery",
  1530. "score": 3,
  1531. "color": "",
  1532. "comment": "",
  1533. "enabled": true,
  1534. "metadata": [],
  1535. "showSubtechniques": false
  1536. },
  1537. {
  1538. "techniqueID": "T1569",
  1539. "tactic": "execution",
  1540. "score": 3,
  1541. "color": "",
  1542. "comment": "",
  1543. "enabled": true,
  1544. "metadata": [],
  1545. "showSubtechniques": true
  1546. },
  1547. {
  1548. "techniqueID": "T1569.002",
  1549. "tactic": "execution",
  1550. "score": 3,
  1551. "color": "",
  1552. "comment": "",
  1553. "enabled": true,
  1554. "metadata": [],
  1555. "showSubtechniques": false
  1556. },
  1557. {
  1558. "techniqueID": "T1529",
  1559. "tactic": "impact",
  1560. "score": 3,
  1561. "color": "",
  1562. "comment": "",
  1563. "enabled": true,
  1564. "metadata": [],
  1565. "showSubtechniques": false
  1566. },
  1567. {
  1568. "techniqueID": "T1552",
  1569. "tactic": "credential-access",
  1570. "score": 3,
  1571. "color": "",
  1572. "comment": "",
  1573. "enabled": true,
  1574. "metadata": [],
  1575. "showSubtechniques": true
  1576. },
  1577. {
  1578. "techniqueID": "T1552.001",
  1579. "tactic": "credential-access",
  1580. "score": 3,
  1581. "color": "",
  1582. "comment": "",
  1583. "enabled": true,
  1584. "metadata": [],
  1585. "showSubtechniques": false
  1586. },
  1587. {
  1588. "techniqueID": "T1552.003",
  1589. "tactic": "credential-access",
  1590. "score": 1,
  1591. "color": "",
  1592. "comment": "",
  1593. "enabled": true,
  1594. "metadata": [],
  1595. "showSubtechniques": false
  1596. },
  1597. {
  1598. "techniqueID": "T1552.004",
  1599. "tactic": "credential-access",
  1600. "score": 1,
  1601. "color": "",
  1602. "comment": "",
  1603. "enabled": true,
  1604. "metadata": [],
  1605. "showSubtechniques": false
  1606. },
  1607. {
  1608. "techniqueID": "T1550",
  1609. "tactic": "defense-evasion",
  1610. "score": 3,
  1611. "color": "",
  1612. "comment": "",
  1613. "enabled": true,
  1614. "metadata": [],
  1615. "showSubtechniques": true
  1616. },
  1617. {
  1618. "techniqueID": "T1550",
  1619. "tactic": "lateral-movement",
  1620. "score": 3,
  1621. "color": "",
  1622. "comment": "",
  1623. "enabled": true,
  1624. "metadata": [],
  1625. "showSubtechniques": true
  1626. },
  1627. {
  1628. "techniqueID": "T1550.002",
  1629. "tactic": "defense-evasion",
  1630. "score": 3,
  1631. "color": "",
  1632. "comment": "",
  1633. "enabled": true,
  1634. "metadata": [],
  1635. "showSubtechniques": false
  1636. },
  1637. {
  1638. "techniqueID": "T1550.002",
  1639. "tactic": "lateral-movement",
  1640. "score": 3,
  1641. "color": "",
  1642. "comment": "",
  1643. "enabled": true,
  1644. "metadata": [],
  1645. "showSubtechniques": false
  1646. },
  1647. {
  1648. "techniqueID": "T1204",
  1649. "tactic": "execution",
  1650. "score": 3,
  1651. "color": "",
  1652. "comment": "",
  1653. "enabled": true,
  1654. "metadata": [],
  1655. "showSubtechniques": true
  1656. },
  1657. {
  1658. "techniqueID": "T1204.001",
  1659. "tactic": "execution",
  1660. "score": 3,
  1661. "color": "",
  1662. "comment": "",
  1663. "enabled": true,
  1664. "metadata": [],
  1665. "showSubtechniques": false
  1666. },
  1667. {
  1668. "techniqueID": "T1204.002",
  1669. "tactic": "execution",
  1670. "score": 3,
  1671. "color": "",
  1672. "comment": "",
  1673. "enabled": true,
  1674. "metadata": [],
  1675. "showSubtechniques": false
  1676. },
  1677. {
  1678. "techniqueID": "T1078",
  1679. "tactic": "defense-evasion",
  1680. "score": 3,
  1681. "color": "",
  1682. "comment": "",
  1683. "enabled": true,
  1684. "metadata": [],
  1685. "showSubtechniques": true
  1686. },
  1687. {
  1688. "techniqueID": "T1078",
  1689. "tactic": "persistence",
  1690. "score": 3,
  1691. "color": "",
  1692. "comment": "",
  1693. "enabled": true,
  1694. "metadata": [],
  1695. "showSubtechniques": true
  1696. },
  1697. {
  1698. "techniqueID": "T1078",
  1699. "tactic": "privilege-escalation",
  1700. "score": 3,
  1701. "color": "",
  1702. "comment": "",
  1703. "enabled": true,
  1704. "metadata": [],
  1705. "showSubtechniques": true
  1706. },
  1707. {
  1708. "techniqueID": "T1078.001",
  1709. "tactic": "defense-evasion",
  1710. "score": 1,
  1711. "color": "",
  1712. "comment": "",
  1713. "enabled": true,
  1714. "metadata": [],
  1715. "showSubtechniques": false
  1716. },
  1717. {
  1718. "techniqueID": "T1078.001",
  1719. "tactic": "persistence",
  1720. "score": 1,
  1721. "color": "",
  1722. "comment": "",
  1723. "enabled": true,
  1724. "metadata": [],
  1725. "showSubtechniques": false
  1726. },
  1727. {
  1728. "techniqueID": "T1078.001",
  1729. "tactic": "privilege-escalation",
  1730. "score": 1,
  1731. "color": "",
  1732. "comment": "",
  1733. "enabled": true,
  1734. "metadata": [],
  1735. "showSubtechniques": false
  1736. },
  1737. {
  1738. "techniqueID": "T1078.002",
  1739. "tactic": "defense-evasion",
  1740. "score": 3,
  1741. "color": "",
  1742. "comment": "",
  1743. "enabled": true,
  1744. "metadata": [],
  1745. "showSubtechniques": false
  1746. },
  1747. {
  1748. "techniqueID": "T1078.002",
  1749. "tactic": "persistence",
  1750. "score": 3,
  1751. "color": "",
  1752. "comment": "",
  1753. "enabled": true,
  1754. "metadata": [],
  1755. "showSubtechniques": false
  1756. },
  1757. {
  1758. "techniqueID": "T1078.002",
  1759. "tactic": "privilege-escalation",
  1760. "score": 3,
  1761. "color": "",
  1762. "comment": "",
  1763. "enabled": true,
  1764. "metadata": [],
  1765. "showSubtechniques": false
  1766. },
  1767. {
  1768. "techniqueID": "T1078.003",
  1769. "tactic": "defense-evasion",
  1770. "score": 3,
  1771. "color": "",
  1772. "comment": "",
  1773. "enabled": true,
  1774. "metadata": [],
  1775. "showSubtechniques": false
  1776. },
  1777. {
  1778. "techniqueID": "T1078.003",
  1779. "tactic": "persistence",
  1780. "score": 3,
  1781. "color": "",
  1782. "comment": "",
  1783. "enabled": true,
  1784. "metadata": [],
  1785. "showSubtechniques": false
  1786. },
  1787. {
  1788. "techniqueID": "T1078.003",
  1789. "tactic": "privilege-escalation",
  1790. "score": 3,
  1791. "color": "",
  1792. "comment": "",
  1793. "enabled": true,
  1794. "metadata": [],
  1795. "showSubtechniques": false
  1796. },
  1797. {
  1798. "techniqueID": "T1102",
  1799. "tactic": "command-and-control",
  1800. "score": 1,
  1801. "color": "",
  1802. "comment": "",
  1803. "enabled": true,
  1804. "metadata": [],
  1805. "showSubtechniques": true
  1806. },
  1807. {
  1808. "techniqueID": "T1102.002",
  1809. "tactic": "command-and-control",
  1810. "score": 1,
  1811. "color": "",
  1812. "comment": "",
  1813. "enabled": true,
  1814. "metadata": [],
  1815. "showSubtechniques": false
  1816. },
  1817. {
  1818. "techniqueID": "T1047",
  1819. "tactic": "execution",
  1820. "score": 3,
  1821. "color": "",
  1822. "comment": "",
  1823. "enabled": true,
  1824. "metadata": [],
  1825. "showSubtechniques": false
  1826. },
  1827. {
  1828. "techniqueID": "T1197",
  1829. "tactic": "defense-evasion",
  1830. "score": 2,
  1831. "color": "",
  1832. "comment": "",
  1833. "enabled": true,
  1834. "metadata": [],
  1835. "showSubtechniques": false
  1836. },
  1837. {
  1838. "techniqueID": "T1197",
  1839. "tactic": "persistence",
  1840. "score": 2,
  1841. "color": "",
  1842. "comment": "",
  1843. "enabled": true,
  1844. "metadata": [],
  1845. "showSubtechniques": false
  1846. },
  1847. {
  1848. "techniqueID": "T1547.004",
  1849. "tactic": "persistence",
  1850. "score": 2,
  1851. "color": "",
  1852. "comment": "",
  1853. "enabled": true,
  1854. "metadata": [],
  1855. "showSubtechniques": false
  1856. },
  1857. {
  1858. "techniqueID": "T1547.004",
  1859. "tactic": "privilege-escalation",
  1860. "score": 2,
  1861. "color": "",
  1862. "comment": "",
  1863. "enabled": true,
  1864. "metadata": [],
  1865. "showSubtechniques": false
  1866. },
  1867. {
  1868. "techniqueID": "T1110",
  1869. "tactic": "credential-access",
  1870. "score": 2,
  1871. "color": "",
  1872. "comment": "",
  1873. "enabled": true,
  1874. "metadata": [],
  1875. "showSubtechniques": true
  1876. },
  1877. {
  1878. "techniqueID": "T1110.001",
  1879. "tactic": "credential-access",
  1880. "score": 2,
  1881. "color": "",
  1882. "comment": "",
  1883. "enabled": true,
  1884. "metadata": [],
  1885. "showSubtechniques": false
  1886. },
  1887. {
  1888. "techniqueID": "T1110.004",
  1889. "tactic": "credential-access",
  1890. "score": 2,
  1891. "color": "",
  1892. "comment": "",
  1893. "enabled": true,
  1894. "metadata": [],
  1895. "showSubtechniques": false
  1896. },
  1897. {
  1898. "techniqueID": "T1059.007",
  1899. "tactic": "execution",
  1900. "score": 2,
  1901. "color": "",
  1902. "comment": "",
  1903. "enabled": true,
  1904. "metadata": [],
  1905. "showSubtechniques": false
  1906. },
  1907. {
  1908. "techniqueID": "T1555.005",
  1909. "tactic": "credential-access",
  1910. "score": 2,
  1911. "color": "",
  1912. "comment": "",
  1913. "enabled": true,
  1914. "metadata": [],
  1915. "showSubtechniques": false
  1916. },
  1917. {
  1918. "techniqueID": "T1482",
  1919. "tactic": "discovery",
  1920. "score": 2,
  1921. "color": "",
  1922. "comment": "",
  1923. "enabled": true,
  1924. "metadata": [],
  1925. "showSubtechniques": false
  1926. },
  1927. {
  1928. "techniqueID": "T1114.001",
  1929. "tactic": "collection",
  1930. "score": 2,
  1931. "color": "",
  1932. "comment": "",
  1933. "enabled": true,
  1934. "metadata": [],
  1935. "showSubtechniques": false
  1936. },
  1937. {
  1938. "techniqueID": "T1573.001",
  1939. "tactic": "command-and-control",
  1940. "score": 2,
  1941. "color": "",
  1942. "comment": "",
  1943. "enabled": true,
  1944. "metadata": [],
  1945. "showSubtechniques": false
  1946. },
  1947. {
  1948. "techniqueID": "T1048",
  1949. "tactic": "exfiltration",
  1950. "score": 2,
  1951. "color": "",
  1952. "comment": "",
  1953. "enabled": true,
  1954. "metadata": [],
  1955. "showSubtechniques": true
  1956. },
  1957. {
  1958. "techniqueID": "T1048.003",
  1959. "tactic": "exfiltration",
  1960. "score": 2,
  1961. "color": "",
  1962. "comment": "",
  1963. "enabled": true,
  1964. "metadata": [],
  1965. "showSubtechniques": false
  1966. },
  1967. {
  1968. "techniqueID": "T1222",
  1969. "tactic": "defense-evasion",
  1970. "score": 2,
  1971. "color": "",
  1972. "comment": "",
  1973. "enabled": true,
  1974. "metadata": [],
  1975. "showSubtechniques": true
  1976. },
  1977. {
  1978. "techniqueID": "T1222.001",
  1979. "tactic": "defense-evasion",
  1980. "score": 2,
  1981. "color": "",
  1982. "comment": "",
  1983. "enabled": true,
  1984. "metadata": [],
  1985. "showSubtechniques": false
  1986. },
  1987. {
  1988. "techniqueID": "T1574.009",
  1989. "tactic": "persistence",
  1990. "score": 2,
  1991. "color": "",
  1992. "comment": "",
  1993. "enabled": true,
  1994. "metadata": [],
  1995. "showSubtechniques": false
  1996. },
  1997. {
  1998. "techniqueID": "T1574.009",
  1999. "tactic": "privilege-escalation",
  2000. "score": 2,
  2001. "color": "",
  2002. "comment": "",
  2003. "enabled": true,
  2004. "metadata": [],
  2005. "showSubtechniques": false
  2006. },
  2007. {
  2008. "techniqueID": "T1574.009",
  2009. "tactic": "defense-evasion",
  2010. "score": 2,
  2011. "color": "",
  2012. "comment": "",
  2013. "enabled": true,
  2014. "metadata": [],
  2015. "showSubtechniques": false
  2016. },
  2017. {
  2018. "techniqueID": "T1574.007",
  2019. "tactic": "persistence",
  2020. "score": 2,
  2021. "color": "",
  2022. "comment": "",
  2023. "enabled": true,
  2024. "metadata": [],
  2025. "showSubtechniques": false
  2026. },
  2027. {
  2028. "techniqueID": "T1574.007",
  2029. "tactic": "privilege-escalation",
  2030. "score": 2,
  2031. "color": "",
  2032. "comment": "",
  2033. "enabled": true,
  2034. "metadata": [],
  2035. "showSubtechniques": false
  2036. },
  2037. {
  2038. "techniqueID": "T1574.007",
  2039. "tactic": "defense-evasion",
  2040. "score": 2,
  2041. "color": "",
  2042. "comment": "",
  2043. "enabled": true,
  2044. "metadata": [],
  2045. "showSubtechniques": false
  2046. },
  2047. {
  2048. "techniqueID": "T1574.008",
  2049. "tactic": "persistence",
  2050. "score": 2,
  2051. "color": "",
  2052. "comment": "",
  2053. "enabled": true,
  2054. "metadata": [],
  2055. "showSubtechniques": false
  2056. },
  2057. {
  2058. "techniqueID": "T1574.008",
  2059. "tactic": "privilege-escalation",
  2060. "score": 2,
  2061. "color": "",
  2062. "comment": "",
  2063. "enabled": true,
  2064. "metadata": [],
  2065. "showSubtechniques": false
  2066. },
  2067. {
  2068. "techniqueID": "T1574.008",
  2069. "tactic": "defense-evasion",
  2070. "score": 2,
  2071. "color": "",
  2072. "comment": "",
  2073. "enabled": true,
  2074. "metadata": [],
  2075. "showSubtechniques": false
  2076. },
  2077. {
  2078. "techniqueID": "T1574.001",
  2079. "tactic": "persistence",
  2080. "score": 2,
  2081. "color": "",
  2082. "comment": "",
  2083. "enabled": true,
  2084. "metadata": [],
  2085. "showSubtechniques": false
  2086. },
  2087. {
  2088. "techniqueID": "T1574.001",
  2089. "tactic": "privilege-escalation",
  2090. "score": 2,
  2091. "color": "",
  2092. "comment": "",
  2093. "enabled": true,
  2094. "metadata": [],
  2095. "showSubtechniques": false
  2096. },
  2097. {
  2098. "techniqueID": "T1574.001",
  2099. "tactic": "defense-evasion",
  2100. "score": 2,
  2101. "color": "",
  2102. "comment": "",
  2103. "enabled": true,
  2104. "metadata": [],
  2105. "showSubtechniques": false
  2106. },
  2107. {
  2108. "techniqueID": "T1562.002",
  2109. "tactic": "defense-evasion",
  2110. "score": 2,
  2111. "color": "",
  2112. "comment": "",
  2113. "enabled": true,
  2114. "metadata": [],
  2115. "showSubtechniques": false
  2116. },
  2117. {
  2118. "techniqueID": "T1559",
  2119. "tactic": "execution",
  2120. "score": 2,
  2121. "color": "",
  2122. "comment": "",
  2123. "enabled": true,
  2124. "metadata": [],
  2125. "showSubtechniques": true
  2126. },
  2127. {
  2128. "techniqueID": "T1559.001",
  2129. "tactic": "execution",
  2130. "score": 2,
  2131. "color": "",
  2132. "comment": "",
  2133. "enabled": true,
  2134. "metadata": [],
  2135. "showSubtechniques": false
  2136. },
  2137. {
  2138. "techniqueID": "T1534",
  2139. "tactic": "lateral-movement",
  2140. "score": 2,
  2141. "color": "",
  2142. "comment": "",
  2143. "enabled": true,
  2144. "metadata": [],
  2145. "showSubtechniques": false
  2146. },
  2147. {
  2148. "techniqueID": "T1185",
  2149. "tactic": "collection",
  2150. "score": 2,
  2151. "color": "",
  2152. "comment": "",
  2153. "enabled": true,
  2154. "metadata": [],
  2155. "showSubtechniques": false
  2156. },
  2157. {
  2158. "techniqueID": "T1557",
  2159. "tactic": "credential-access",
  2160. "score": 2,
  2161. "color": "",
  2162. "comment": "",
  2163. "enabled": true,
  2164. "metadata": [],
  2165. "showSubtechniques": true
  2166. },
  2167. {
  2168. "techniqueID": "T1557.001",
  2169. "tactic": "credential-access",
  2170. "score": 2,
  2171. "color": "",
  2172. "comment": "",
  2173. "enabled": true,
  2174. "metadata": [],
  2175. "showSubtechniques": false
  2176. },
  2177. {
  2178. "techniqueID": "T1557.001",
  2179. "tactic": "collection",
  2180. "score": 2,
  2181. "color": "",
  2182. "comment": "",
  2183. "enabled": true,
  2184. "metadata": [],
  2185. "showSubtechniques": false
  2186. },
  2187. {
  2188. "techniqueID": "T1003.003",
  2189. "tactic": "credential-access",
  2190. "score": 2,
  2191. "color": "",
  2192. "comment": "",
  2193. "enabled": true,
  2194. "metadata": [],
  2195. "showSubtechniques": false
  2196. },
  2197. {
  2198. "techniqueID": "T1027.002",
  2199. "tactic": "defense-evasion",
  2200. "score": 2,
  2201. "color": "",
  2202. "comment": "",
  2203. "enabled": true,
  2204. "metadata": [],
  2205. "showSubtechniques": false
  2206. },
  2207. {
  2208. "techniqueID": "T1027.005",
  2209. "tactic": "defense-evasion",
  2210. "score": 2,
  2211. "color": "",
  2212. "comment": "",
  2213. "enabled": true,
  2214. "metadata": [],
  2215. "showSubtechniques": false
  2216. },
  2217. {
  2218. "techniqueID": "T1201",
  2219. "tactic": "discovery",
  2220. "score": 2,
  2221. "color": "",
  2222. "comment": "",
  2223. "enabled": true,
  2224. "metadata": [],
  2225. "showSubtechniques": false
  2226. },
  2227. {
  2228. "techniqueID": "T1069",
  2229. "tactic": "discovery",
  2230. "score": 2,
  2231. "color": "",
  2232. "comment": "",
  2233. "enabled": true,
  2234. "metadata": [],
  2235. "showSubtechniques": true
  2236. },
  2237. {
  2238. "techniqueID": "T1069.002",
  2239. "tactic": "discovery",
  2240. "score": 2,
  2241. "color": "",
  2242. "comment": "",
  2243. "enabled": true,
  2244. "metadata": [],
  2245. "showSubtechniques": false
  2246. },
  2247. {
  2248. "techniqueID": "T1069.001",
  2249. "tactic": "discovery",
  2250. "score": 2,
  2251. "color": "",
  2252. "comment": "",
  2253. "enabled": true,
  2254. "metadata": [],
  2255. "showSubtechniques": false
  2256. },
  2257. {
  2258. "techniqueID": "T1055.002",
  2259. "tactic": "defense-evasion",
  2260. "score": 2,
  2261. "color": "",
  2262. "comment": "",
  2263. "enabled": true,
  2264. "metadata": [],
  2265. "showSubtechniques": false
  2266. },
  2267. {
  2268. "techniqueID": "T1055.002",
  2269. "tactic": "privilege-escalation",
  2270. "score": 2,
  2271. "color": "",
  2272. "comment": "",
  2273. "enabled": true,
  2274. "metadata": [],
  2275. "showSubtechniques": false
  2276. },
  2277. {
  2278. "techniqueID": "T1055.012",
  2279. "tactic": "defense-evasion",
  2280. "score": 2,
  2281. "color": "",
  2282. "comment": "",
  2283. "enabled": true,
  2284. "metadata": [],
  2285. "showSubtechniques": false
  2286. },
  2287. {
  2288. "techniqueID": "T1055.012",
  2289. "tactic": "privilege-escalation",
  2290. "score": 2,
  2291. "color": "",
  2292. "comment": "",
  2293. "enabled": true,
  2294. "metadata": [],
  2295. "showSubtechniques": false
  2296. },
  2297. {
  2298. "techniqueID": "T1012",
  2299. "tactic": "discovery",
  2300. "score": 2,
  2301. "color": "",
  2302. "comment": "",
  2303. "enabled": true,
  2304. "metadata": [],
  2305. "showSubtechniques": false
  2306. },
  2307. {
  2308. "techniqueID": "T1021.001",
  2309. "tactic": "lateral-movement",
  2310. "score": 2,
  2311. "color": "",
  2312. "comment": "",
  2313. "enabled": true,
  2314. "metadata": [],
  2315. "showSubtechniques": false
  2316. },
  2317. {
  2318. "techniqueID": "T1558.003",
  2319. "tactic": "credential-access",
  2320. "score": 2,
  2321. "color": "",
  2322. "comment": "",
  2323. "enabled": true,
  2324. "metadata": [],
  2325. "showSubtechniques": false
  2326. },
  2327. {
  2328. "techniqueID": "T1553.002",
  2329. "tactic": "defense-evasion",
  2330. "score": 2,
  2331. "color": "",
  2332. "comment": "",
  2333. "enabled": true,
  2334. "metadata": [],
  2335. "showSubtechniques": false
  2336. },
  2337. {
  2338. "techniqueID": "T1007",
  2339. "tactic": "discovery",
  2340. "score": 2,
  2341. "color": "",
  2342. "comment": "",
  2343. "enabled": true,
  2344. "metadata": [],
  2345. "showSubtechniques": false
  2346. },
  2347. {
  2348. "techniqueID": "T1080",
  2349. "tactic": "lateral-movement",
  2350. "score": 2,
  2351. "color": "",
  2352. "comment": "",
  2353. "enabled": true,
  2354. "metadata": [],
  2355. "showSubtechniques": false
  2356. },
  2357. {
  2358. "techniqueID": "T1552.002",
  2359. "tactic": "credential-access",
  2360. "score": 2,
  2361. "color": "",
  2362. "comment": "",
  2363. "enabled": true,
  2364. "metadata": [],
  2365. "showSubtechniques": false
  2366. },
  2367. {
  2368. "techniqueID": "T1561.002",
  2369. "tactic": "impact",
  2370. "score": 1,
  2371. "color": "",
  2372. "comment": "",
  2373. "enabled": true,
  2374. "metadata": [],
  2375. "showSubtechniques": false
  2376. },
  2377. {
  2378. "techniqueID": "T1505",
  2379. "tactic": "persistence",
  2380. "color": "",
  2381. "comment": "",
  2382. "enabled": true,
  2383. "metadata": [],
  2384. "showSubtechniques": true
  2385. }
  2386. ],
  2387. "gradient": {
  2388. "colors": [
  2389. "#0096d1",
  2390. "#6241c5",
  2391. "#727272"
  2392. ],
  2393. "minValue": 1,
  2394. "maxValue": 3
  2395. },
  2396. "legendItems": [
  2397. {
  2398. "color": "#6241c5",
  2399. "label": "Wizard Spider"
  2400. },
  2401. {
  2402. "color": "#0096d1",
  2403. "label": "Sandworm"
  2404. },
  2405. {
  2406. "color": "#727272",
  2407. "label": "Sandworm and Wizard Spider"
  2408. }
  2409. ],
  2410. "metadata": [],
  2411. "showTacticRowBackground": false,
  2412. "tacticRowBackground": "#dddddd",
  2413. "selectTechniquesAcrossTactics": true,
  2414. "selectSubtechniquesWithParent": false
  2415. }

中文解说:《威胁棱镜 - MITRE ATT&CK第四轮评估结果发布》

MITRE 每年会针对不同的攻击组织进行模拟,对参加的各个安全厂商进行评估。2022 年 3 月,MITRE 发布了最新一轮的 ATT&CK 安全解决方案评估结果。这是继 2018 年评估 APT3、2019 年评估 APT29、2020 年评估 Carbanak/FIN7 之后的第四轮评估。
image.png

评估目标

在 2021 年第四季度进行的 ATT&CK 第四轮评估的假想敌是 Wizard Spider + Sandworm,本轮评估的重点是对数据加密(T1486)部分进行测试。Wizard Spider 利用 Ryuk 勒索软件进行数据加密,Sandworm 利用 NotPetya 进行数据加密。

Wizard Spider

Wizard Spider 是一个以获取经济利益为目的的攻击团伙,从 2018 年 8 月开始一直在针对各种组织发起勒索软件攻击行动。

Sandworm Team

Sandworm Team 是一个被认为来自俄罗斯的 APT 组织,美国司法部和英国国家网络安全中心将其归因为俄罗斯 GRU 74455 部队。
Sandworm Team 最典型的攻击案例包括 2015 年和 2016 年针对乌克兰电力公司的攻击以及 2017 年的 NotPetya,该攻击组织至少从 2009 年开始就一直保持活跃。

参评厂商

参评厂商的征集从 2021 年 3 月中旬开始,至 5 月末截止。如下所示,参与本轮评估的 30 个厂商依旧是全明星阵容。卡巴斯基依旧缺席,不知道是不是制裁的缘故。也有一些新玩家,例如 Rapid7 和 Qualys。
image.png

评估环境

评估在 Microsoft Azure 云上进行,分为两个组织的网络。主机操作系统分别是 Windows Server 2019、Windows 10 Pro 和 CentOS 7.9,某些主机上禁用了 Windows Defender。
image.png

覆盖技术

两个组织使用的技术项如下所示,Wizard Spider 的技术项为紫色, Sandworm 的技术项为蓝色,二者都有的技术项目为灰色。
image.png

结果评估

实际上,ATT&CK 评估不仅会看检测数量,还会看是否捕获了攻击的子步骤、是否提供了有效告警、是否阻止了攻击。
本轮评估的两个场景下一共设计了九十个攻击步骤,其中 Linux 部分是可选参与的,但没有提供该系统上解决方案的厂商将无法得到该部分的可见性分数。
image.png
检测分为五级(另有 N/A 表示不适用):

  • N/A(不适用):厂商并不支持检测 Linux 环境
  • None:厂商没有能够检测发现
  • Telemetry(遥测):仅通过遥测收集到的数据在远端进行检测
  • General(通用):检测发现恶意行为,但没有提供更多细节
  • Tactic(战术):检测能够提供出攻击者战术意图的相关信息
  • Technique(技术):检测能够提供出攻击者技术方式的相关信息

告警分为三级:通用告警、战术告警、技术告警。
技术告警能够使得分析人员快速定位并处理,除了对安全事件的基本描述外还带有上下文。例如不仅仅告警恶意 PowerShell 脚本执行,还告知分析人员恶意脚本要通过更改注册表项利用 Winlogon 在登录时执行任意程序进行持久化。

评估结果

MITRE 的评估指标此前在第三轮评估中介绍过,可以移步查看:《公众号:威胁棱镜 - MITRE ATT&CK 第三轮评估结果发布》
整体的结果如下所示:

厂商 检测数量 分析覆盖 遥测覆盖 可见数量
AhnLab 83 59 24 83
Bitdefender 115 106 3 106
Check Point 117 103 3 103
Cisco 111 74 26 90
CrowdStrike 112 94 16 105
Cybereason 109 108 1 109
CyCraft 77 64 13 77
BlackBerry Cylance 97 71 24 89
Cynet 123 102 11 107
Deep Instinct 76 59 15 63
Elastic 108 71 35 98
ESET 90 69 17 75
Fidelis 128 85 22 94
FireEye 97 85 6 89
Fortinet 96 85 9 87
Malwarebytes 83 83 0 83
McAfee 113 84 26 107
Microsoft 110 98 5 98
Palo Alto Networks 107 107 0 107
Qualys 81 50 23 66
Rapid7 70 23 46 62
ReaQta 71 62 9 71
SentinelOne 108 108 0 108
Somma 69 28 41 68
Sophos 99 67 27 88
Broadcom Symantec 93 87 5 92
Trend Micro 133 100 13 105
Uptycs 97 81 15 92
VMware Carbon Black 90 57 33 90
WithSecure 83 66 17 83

注:检测数量项 MITRE 已经不再直接公布,本文采用数据中的 Total_Detections 进行统计。与原指标含义肯定存在统计口径上的差异,但仍沿用原指标的表述,不同轮次间该指标不具备可比性。
按照排名整理一下前五名,乍一看没有明显的赢家,没有任何一个厂商表现出了异乎寻常的统治力。
image.png
分项来看,首先是检测数量,趋势科技夺魁:
image.png
接着是分析覆盖,由 SentinelOne 与 Cybereason 并列第一:
image.png
在可见数量上,Cybereason 险胜 SentinelOne:
image.png
最后是遥测覆盖,画风大变:
image.png
计算检测数量与遥测覆盖的相关系数的话,为 -0.247;而检测数量与分析覆盖、可见数量则趋向正相关,可见绝大多数引擎并不非常依赖遥测。
例如,Palo Alto Networks 与 SentinelOne 在遥测上均为零双双倒数,但检测数量的排名却均能排在中间。
此类更为典型的厂商是 Bitdefender 与 Check Point,二者都强依赖就地检测而遥测并不擅长(注:下图橙色为遥测排名,蓝色为检测排名)。
image.png
另外,将遥测作为有力补充的厂商也不少,典型的是 Cisco 与 McAfee,此类厂商在两个领域的表现都很好。而出现遥测排名靠前、检测数量排名靠后的情况,可能表明该厂商更依赖遥测而非就地检出进行告警,例如 Rapid7、Somma。
再次强调一下,MITRE 官方表示不提供任何排名或者评级,只提供结果相关的原始数据。各方都可以基于这些数据按照不同的角度进行数据解读,本文探讨的也是笔者对数据的个人视角,不代表对各个厂商的好坏给出了最终排名,也并非 MITRE 给出的排名。
按照排名来统计的话,包含四个子项在内的整体平均排名的 TOP10 为:

  • McAfee
  • Cynet
  • Trend Micro
  • Fidelis
  • Cybereason/Bitdefender
  • Elastic
  • SentinelOne/Check Point
  • Cisco

而去掉遥测子项进行平均排名的话,排名的 TOP10 为:

  • Cybereason
  • Cynet
  • Bitdefender/SentinelOne
  • Trend Micro
  • Check Point
  • Palo Alto Networks
  • CrowdStrike
  • McAfee
  • Fidelis

不知道这两个排名,哪一个更符合你心里的排名预期。

产品

最后来看一下部分厂商的产品截图,在做 EDR、XDR 相关产品的同学可以取其精华去其糟粕。(注:微信公众号会压缩图片,大图看不清楚请移步官网)

Microsoft

image.png
image.png
image.png

Bitdefender

image.png
image.png

Cybereason

image.png
image.png
image.png

SentinelOne

image.png
image.png
image.png

Elastic

image.png

Trend Micro

image.png
image.png
image.png

CrowdStrike

image.png
image.png

Check Point

image.png
image.png
image.png

Palo Alto Networks

image.png
image.png