{
    "name": "Wizard Spider and Sandworm",
    "versions": {
        "attack": "9",
        "navigator": "4.3",
        "layer": "4.2"
    },
    "domain": "enterprise-attack",
    "description": "",
    "filters": {
        "platforms": [
            "Linux",
            "Windows"
        ]
    },
    "sorting": 0,
    "layout": {
        "layout": "side",
        "aggregateFunction": "average",
        "showID": false,
        "showName": true,
        "showAggregateScores": false,
        "countUnscored": false
    },
    "hideDisabled": false,
    "techniques": [
        {
            "techniqueID": "T1136.002",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1573.002",
            "tactic": "command-and-control",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1133",
            "tactic": "persistence",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1562.001",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1548",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1548",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1548.001",
            "tactic": "privilege-escalation",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1548.001",
            "tactic": "defense-evasion",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1548.002",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1548.002",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1134",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1134",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1134.005",
            "tactic": "defense-evasion",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1134.005",
            "tactic": "privilege-escalation",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1087",
            "tactic": "discovery",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1087.001",
            "tactic": "discovery",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1087.002",
            "tactic": "discovery",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1087.003",
            "tactic": "discovery",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1098",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1098.004",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1071",
            "tactic": "command-and-control",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1071.001",
            "tactic": "command-and-control",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1560",
            "tactic": "collection",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1547",
            "tactic": "persistence",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1547",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1547.001",
            "tactic": "persistence",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1547.001",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1547.005",
            "tactic": "persistence",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1547.005",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1547.006",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1547.006",
            "tactic": "privilege-escalation",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1547.009",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1547.009",
            "tactic": "privilege-escalation",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1037",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1037",
            "tactic": "privilege-escalation",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1037.004",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1037.004",
            "tactic": "privilege-escalation",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1059",
            "tactic": "execution",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1059.001",
            "tactic": "execution",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1059.003",
            "tactic": "execution",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1059.004",
            "tactic": "execution",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1059.005",
            "tactic": "execution",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1059.006",
            "tactic": "execution",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1554",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1136",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1136.001",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1543",
            "tactic": "persistence",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1543",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1543.002",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1543.002",
            "tactic": "privilege-escalation",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1543.003",
            "tactic": "persistence",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1543.003",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1555",
            "tactic": "credential-access",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1555.003",
            "tactic": "credential-access",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1555.004",
            "tactic": "credential-access",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1485",
            "tactic": "impact",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1132",
            "tactic": "command-and-control",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1132.001",
            "tactic": "command-and-control",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1486",
            "tactic": "impact",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1074",
            "tactic": "collection",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1074.001",
            "tactic": "collection",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1005",
            "tactic": "collection",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1140",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1561",
            "tactic": "impact",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1484",
            "tactic": "defense-evasion",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1484",
            "tactic": "privilege-escalation",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1484.001",
            "tactic": "defense-evasion",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1484.001",
            "tactic": "privilege-escalation",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1114",
            "tactic": "collection",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1573",
            "tactic": "command-and-control",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1499",
            "tactic": "impact",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1041",
            "tactic": "exfiltration",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1008",
            "tactic": "command-and-control",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1083",
            "tactic": "discovery",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1574",
            "tactic": "persistence",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1574",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1574",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1574.010",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1574.010",
            "tactic": "privilege-escalation",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1574.010",
            "tactic": "defense-evasion",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1562",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1070",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1070.001",
            "tactic": "defense-evasion",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1070.002",
            "tactic": "defense-evasion",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1070.004",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1105",
            "tactic": "command-and-control",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1490",
            "tactic": "impact",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1056",
            "tactic": "collection",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1056",
            "tactic": "credential-access",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1056.001",
            "tactic": "collection",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1056.001",
            "tactic": "credential-access",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1570",
            "tactic": "lateral-movement",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1557",
            "tactic": "collection",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1036",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1036.004",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1036.005",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1112",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1106",
            "tactic": "execution",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1046",
            "tactic": "discovery",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1135",
            "tactic": "discovery",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1040",
            "tactic": "credential-access",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1040",
            "tactic": "discovery",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1571",
            "tactic": "command-and-control",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1003",
            "tactic": "credential-access",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1003.001",
            "tactic": "credential-access",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1003.002",
            "tactic": "credential-access",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1003.008",
            "tactic": "credential-access",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1003.004",
            "tactic": "credential-access",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1027",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1120",
            "tactic": "discovery",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1057",
            "tactic": "discovery",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1055",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1055",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1055.001",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1055.001",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1572",
            "tactic": "command-and-control",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1090",
            "tactic": "command-and-control",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1219",
            "tactic": "command-and-control",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1021",
            "tactic": "lateral-movement",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1021.002",
            "tactic": "lateral-movement",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1021.004",
            "tactic": "lateral-movement",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1021.006",
            "tactic": "lateral-movement",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1018",
            "tactic": "discovery",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1053",
            "tactic": "execution",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1053",
            "tactic": "persistence",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1053",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1053.005",
            "tactic": "execution",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1053.005",
            "tactic": "persistence",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1053.005",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1053.004",
            "tactic": "execution",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1053.004",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1053.004",
            "tactic": "privilege-escalation",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1053.003",
            "tactic": "execution",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1053.003",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1053.003",
            "tactic": "privilege-escalation",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1113",
            "tactic": "collection",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1505.003",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1489",
            "tactic": "impact",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1218",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1218.011",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1072",
            "tactic": "execution",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1072",
            "tactic": "lateral-movement",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1518",
            "tactic": "discovery",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1518.001",
            "tactic": "discovery",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1558",
            "tactic": "credential-access",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1553",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1553.006",
            "tactic": "defense-evasion",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1082",
            "tactic": "discovery",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1016",
            "tactic": "discovery",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1049",
            "tactic": "discovery",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1033",
            "tactic": "discovery",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1569",
            "tactic": "execution",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1569.002",
            "tactic": "execution",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1529",
            "tactic": "impact",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1552",
            "tactic": "credential-access",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1552.001",
            "tactic": "credential-access",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1552.003",
            "tactic": "credential-access",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1552.004",
            "tactic": "credential-access",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1550",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1550",
            "tactic": "lateral-movement",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1550.002",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1550.002",
            "tactic": "lateral-movement",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1204",
            "tactic": "execution",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1204.001",
            "tactic": "execution",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1204.002",
            "tactic": "execution",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1078",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1078",
            "tactic": "persistence",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1078",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1078.001",
            "tactic": "defense-evasion",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1078.001",
            "tactic": "persistence",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1078.001",
            "tactic": "privilege-escalation",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1078.002",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1078.002",
            "tactic": "persistence",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1078.002",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1078.003",
            "tactic": "defense-evasion",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1078.003",
            "tactic": "persistence",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1078.003",
            "tactic": "privilege-escalation",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1102",
            "tactic": "command-and-control",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1102.002",
            "tactic": "command-and-control",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1047",
            "tactic": "execution",
            "score": 3,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1197",
            "tactic": "defense-evasion",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1197",
            "tactic": "persistence",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1547.004",
            "tactic": "persistence",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1547.004",
            "tactic": "privilege-escalation",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1110",
            "tactic": "credential-access",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1110.001",
            "tactic": "credential-access",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1110.004",
            "tactic": "credential-access",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1059.007",
            "tactic": "execution",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1555.005",
            "tactic": "credential-access",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1482",
            "tactic": "discovery",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1114.001",
            "tactic": "collection",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1573.001",
            "tactic": "command-and-control",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1048",
            "tactic": "exfiltration",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1048.003",
            "tactic": "exfiltration",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1222",
            "tactic": "defense-evasion",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1222.001",
            "tactic": "defense-evasion",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1574.009",
            "tactic": "persistence",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1574.009",
            "tactic": "privilege-escalation",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1574.009",
            "tactic": "defense-evasion",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1574.007",
            "tactic": "persistence",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1574.007",
            "tactic": "privilege-escalation",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1574.007",
            "tactic": "defense-evasion",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1574.008",
            "tactic": "persistence",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1574.008",
            "tactic": "privilege-escalation",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1574.008",
            "tactic": "defense-evasion",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1574.001",
            "tactic": "persistence",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1574.001",
            "tactic": "privilege-escalation",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1574.001",
            "tactic": "defense-evasion",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1562.002",
            "tactic": "defense-evasion",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1559",
            "tactic": "execution",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1559.001",
            "tactic": "execution",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1534",
            "tactic": "lateral-movement",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1185",
            "tactic": "collection",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1557",
            "tactic": "credential-access",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1557.001",
            "tactic": "credential-access",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1557.001",
            "tactic": "collection",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1003.003",
            "tactic": "credential-access",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1027.002",
            "tactic": "defense-evasion",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1027.005",
            "tactic": "defense-evasion",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1201",
            "tactic": "discovery",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1069",
            "tactic": "discovery",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        },
        {
            "techniqueID": "T1069.002",
            "tactic": "discovery",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1069.001",
            "tactic": "discovery",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1055.002",
            "tactic": "defense-evasion",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1055.002",
            "tactic": "privilege-escalation",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1055.012",
            "tactic": "defense-evasion",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1055.012",
            "tactic": "privilege-escalation",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1012",
            "tactic": "discovery",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1021.001",
            "tactic": "lateral-movement",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1558.003",
            "tactic": "credential-access",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1553.002",
            "tactic": "defense-evasion",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1007",
            "tactic": "discovery",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1080",
            "tactic": "lateral-movement",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1552.002",
            "tactic": "credential-access",
            "score": 2,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1561.002",
            "tactic": "impact",
            "score": 1,
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": false
        },
        {
            "techniqueID": "T1505",
            "tactic": "persistence",
            "color": "",
            "comment": "",
            "enabled": true,
            "metadata": [],
            "showSubtechniques": true
        }
    ],
    "gradient": {
        "colors": [
            "#0096d1",
            "#6241c5",
            "#727272"
        ],
        "minValue": 1,
        "maxValue": 3
    },
    "legendItems": [
        {
            "color": "#6241c5",
            "label": "Wizard Spider"
        },
        {
            "color": "#0096d1",
            "label": "Sandworm"
        },
        {
            "color": "#727272",
            "label": "Sandworm and Wizard Spider"
        }
    ],
    "metadata": [],
    "showTacticRowBackground": false,
    "tacticRowBackground": "#dddddd",
    "selectTechniquesAcrossTactics": true,
    "selectSubtechniquesWithParent": false
}
中文解说：《威胁棱镜 - MITRE ATT&CK第四轮评估结果发布》

MITER 每年会针对不同的攻击组织进行模拟，对参加的各个安全厂商进行评估。2022 年 3 月，MITER 发布了最新一轮的 ATT&CK 安全解决方案评估结果。这是继 2018 年测试评估检测 APT3、2019 年测试评估检测 APT29、2020 年测试评估检测 Carbanak/FIN7 后的第四轮评估。
评估目标

在 2021 年第四季度进行的 ATT&CK 第四轮评估的假想敌是 Wizard Spider + Sandworm，本轮评估的重点是对数据加密（T1486）部分进行测试。Wizard Spider 利用 Ryuk 勒索软件进行数据加密，Sandworm 利用 NotPetya 进行数据加密。
Wizard Spider

Wizard Spider 是一个以获取经济利益为目的的攻击团伙，从 2018 年 8 月开始一直在针对各种组织发起勒索软件攻击行动。
Sandworm Team

Sandworm Team 是一个被认为是俄罗斯的 APT 组织，该组织被美国司法部和英国国家网络安全中心归因为俄罗斯 GRU 74455 部队。
Sandworm Team 最典型的攻击案例包括 2015 年和 2016 年针对乌克兰电力公司的攻击以及 2017 年的 NotPetya，该攻击组织至少从 2009 年开始就一直保持活跃。
参评厂商

征集参评厂商从 2021 年 3 月中旬到 5 月末截止。如下所示，参与本轮评估的 30 个厂商依旧是全明星阵容。卡巴斯基依旧缺席，不知道是不是制裁的缘故。有一些新玩家，例如 Rapid7 和 Qualys。
评估环境

评估在 Microsoft Azure 云上进行，分为两个组织的网络。主机操作系统分别是 Windows Server 2019、Windows 10 Pro 和 CentOS 7.9，某些主机上禁用了 Windows Defender。
覆盖技术

两个组织使用的技术项如下所示，Wizard Spider 的技术项为紫色， Sandworm 的技术项为蓝色，二者都有的技术项目为灰色。
结果评估

实际上，ATT&CK 评估不仅会看检测数量，还会看是否捕获了攻击的子步骤、是否提供了有效告警、是否阻止了攻击。
本轮评估的两个场景下一共设计了九十个攻击步骤，其中 Linux 部分是可选参与的，但没有提供该系统上解决方案的厂商将无法得到该部分的可见性分数。

检测分为五级：
N/A（不适用）：厂商并不支持检测 Linux 环境
None：厂商没有能够检测发现
Telemetry（遥测）：通过遥测收集的数据在远端检测
General（通用）：检测发现恶意行为，但没有提供更多细节
Tactic（战术）：检测能够提供出攻击者战术意图的相关信息
Technique（技术）：检测能够提供出攻击者技术方式的相关信息
告警分为三级告警：通用告警、战术告警、技术告警。
技术告警能够使得分析人员快速定位并处理，除了对安全事件的基本描述外还带有上下文。例如不仅仅告警恶意 PowerShell 脚本执行，还告知分析人员恶意脚本要通过更改注册表项利用 Winlogon 在登录时执行任意程序进行持久化。
评估结果

MITRE 的评估指标此前在第三轮评估中介绍过，可以移步查看：《公众号：威胁棱镜 - MITRE ATT&CK 第三轮评估结果发布》
整体的结果如下所示：
厂商	检测数量	分析覆盖	遥测覆盖	可见数量
AhnLab	83	59	24	83
Bitdefender	115	106	3	106
Check Point	117	103	3	103
Cisco	111	74	26	90
CrowdStrike	112	94	16	105
Cybereason	109	108	1	109
CyCraft	77	64	13	77
BlackBerry Cylance	97	71	24	89
Cynet	123	102	11	107
Deep Instinct	76	59	15	63
Elastic	108	71	35	98
ESET	90	69	17	75
Fidelis	128	85	22	94
FireEye	97	85	6	89
Fortinet	96	85	9	87
Malwarebytes	83	83	0	83
McAfee	113	84	26	107
Microsoft	110	98	5	98
Palo Alto Networks	107	107	0	107
Qualys	81	50	23	66
Rapid7	70	23	46	62
ReaQta	71	62	9	71
SentinelOne	108	108	0	108
Somma	69	28	41	68
Sophos	99	67	27	88
Broadcom Symantec	93	87	5	92
Trend Micro	133	100	13	105
Uptycs	97	81	15	92
VMware Carbon Black	90	57	33	90
WithSecure	83	66	17	83
注：检测数量项 MITRE 已经不再直接公布，本文采用数据中的 Total_Detections 进行统计。与原指标含义肯定存在统计口径上的差异，但仍沿用原指标的表述，不同轮次间该指标不具备可比性。
按照排名整理下前五名，乍一看没有明显的赢家，没有任何一个厂商表现出了异乎寻常的统治力。

分项来看，首先是检测数量，趋势科技夺魁：

接着是分析覆盖，由 SentinelOne 与 Cybereason 并列第一：

在可见数量上，Cybereason 险胜 SentinelOne：

最后是遥测覆盖，画风大变：

计算检测数量与遥测覆盖的相关系数的话，为 -0.247。而与分析覆盖和可见数量则趋向正相关，可见绝大多数引擎都是不非常依赖遥测的。
例如，Palo Alto Networks 与 SentinelOne 在遥测上均为零双双倒数，但检测数量的排名却均能排在中间。
此类更为典型的厂商是 Bitdefender 与 Check Point，二者都强依赖就地检测而遥测并不擅长（注：下图橙色为遥测排名，蓝色为检测排名）。

另外，将遥测作为有力补充的厂商也不少，典型的是 Cisco 与 McAfee，此类厂商在两个领域的表现都很好。而出现遥测排名靠前而检测数量排名靠后的情况，可能表明该厂商更依赖遥测而非就地检出进行告警。例如，Rapid7、Somma。
再次强调一下，MITRE 官方表示不提供任何排名或者评级，只提供结果相关的原始数据。各方都可以基于这些数据按照不同的角度进行数据解读，本文探讨的也是笔者对数据的个人视角，不代表对各个厂商的好坏给出了最终排名，也并非 MITRE 给出的排名。
按照排名来统计的话，包含四个子项在内的整体平均排名的 TOP10 为：