From acdf5b26641fcceabe425816d62adc824dd7b79c Mon Sep 17 00:00:00 2001 From: vl43den <187105559+vl43den@users.noreply.github.com> Date: Sun, 1 Mar 2026 02:53:29 +0000 Subject: [PATCH] chore: update ATT&CK heatmap --- other/sigma_attack_nav_coverage.json | 2772 +++++++++++++------------- 1 file changed, 1386 insertions(+), 1386 deletions(-) diff --git a/other/sigma_attack_nav_coverage.json b/other/sigma_attack_nav_coverage.json index db507ac8147..957f5292abd 100644 --- a/other/sigma_attack_nav_coverage.json +++ b/other/sigma_attack_nav_coverage.json @@ -17,20 +17,9 @@ }, "techniques": [ { - "techniqueID": "T1070", - "tactic": "defense-evasion", - "score": 20, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1078.004", + "techniqueID": "T1078", "tactic": "defense-evasion", - "score": 40, + "score": 60, "color": "", "comment": "", "enabled": true, @@ -39,9 +28,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.004", + "techniqueID": "T1078", "tactic": "persistence", - "score": 40, + "score": 60, "color": "", "comment": "", "enabled": true, @@ -50,9 +39,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.004", + "techniqueID": "T1078", "tactic": "privilege-escalation", - "score": 40, + "score": 60, "color": "", "comment": "", "enabled": true, @@ -61,9 +50,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.004", + "techniqueID": "T1078", "tactic": "initial-access", - "score": 40, + "score": 60, "color": "", "comment": "", "enabled": true, @@ -72,9 +61,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1020", - "tactic": "exfiltration", - "score": 9, + "techniqueID": "T1114.003", + "tactic": "collection", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -83,9 +72,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1490", - "tactic": "impact", - "score": 26, + "techniqueID": "T1090", + "tactic": "command-and-control", + "score": 22, "color": "", "comment": "", "enabled": true, @@ -94,9 +83,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1190", - "tactic": "initial-access", - "score": 145, + "techniqueID": "T1606", + "tactic": "credential-access", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -105,9 +94,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1021.007", - "tactic": "lateral-movement", - "score": 1, + "techniqueID": "T1528", + "tactic": "credential-access", + "score": 14, "color": "", "comment": "", "enabled": true, @@ -116,9 +105,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1550.001", + "techniqueID": "T1140", "tactic": "defense-evasion", - "score": 4, + "score": 18, "color": "", "comment": "", "enabled": true, @@ -127,9 +116,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1550.001", - "tactic": "lateral-movement", - "score": 4, + "techniqueID": "T1098", + "tactic": "persistence", + "score": 29, "color": "", "comment": "", "enabled": true, @@ -139,7 +128,7 @@ }, { "techniqueID": "T1098", - "tactic": "persistence", + "tactic": "privilege-escalation", "score": 29, "color": "", "comment": "", @@ -149,9 +138,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1098", - "tactic": "privilege-escalation", - "score": 29, + "techniqueID": "T1589", + "tactic": "reconnaissance", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -160,9 +149,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1486", - "tactic": "impact", - "score": 16, + "techniqueID": "T1110", + "tactic": "credential-access", + "score": 25, "color": "", "comment": "", "enabled": true, @@ -171,9 +160,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1565", - "tactic": "impact", - "score": 3, + "techniqueID": "T1078.004", + "tactic": "defense-evasion", + "score": 40, "color": "", "comment": "", "enabled": true, @@ -182,9 +171,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1566", - "tactic": "initial-access", - "score": 14, + "techniqueID": "T1078.004", + "tactic": "persistence", + "score": 40, "color": "", "comment": "", "enabled": true, @@ -193,9 +182,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1566.002", - "tactic": "initial-access", - "score": 2, + "techniqueID": "T1078.004", + "tactic": "privilege-escalation", + "score": 40, "color": "", "comment": "", "enabled": true, @@ -204,9 +193,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1005", - "tactic": "collection", - "score": 12, + "techniqueID": "T1078.004", + "tactic": "initial-access", + "score": 40, "color": "", "comment": "", "enabled": true, @@ -215,9 +204,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1537", - "tactic": "exfiltration", - "score": 6, + "techniqueID": "T1552", + "tactic": "credential-access", + "score": 11, "color": "", "comment": "", "enabled": true, @@ -226,9 +215,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1562.008", - "tactic": "defense-evasion", - "score": 3, + "techniqueID": "T1548", + "tactic": "privilege-escalation", + "score": 20, "color": "", "comment": "", "enabled": true, @@ -237,9 +226,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1110", - "tactic": "credential-access", - "score": 25, + "techniqueID": "T1548", + "tactic": "defense-evasion", + "score": 20, "color": "", "comment": "", "enabled": true, @@ -248,9 +237,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1485", - "tactic": "impact", - "score": 20, + "techniqueID": "T1556", + "tactic": "credential-access", + "score": 12, "color": "", "comment": "", "enabled": true, @@ -259,9 +248,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1059.009", - "tactic": "execution", - "score": 3, + "techniqueID": "T1556", + "tactic": "defense-evasion", + "score": 12, "color": "", "comment": "", "enabled": true, @@ -270,9 +259,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1562.007", - "tactic": "defense-evasion", - "score": 3, + "techniqueID": "T1556", + "tactic": "persistence", + "score": 12, "color": "", "comment": "", "enabled": true, @@ -281,9 +270,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1087.004", - "tactic": "discovery", - "score": 3, + "techniqueID": "T1098.003", + "tactic": "persistence", + "score": 7, "color": "", "comment": "", "enabled": true, @@ -292,9 +281,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1555", - "tactic": "credential-access", - "score": 8, + "techniqueID": "T1098.003", + "tactic": "privilege-escalation", + "score": 7, "color": "", "comment": "", "enabled": true, @@ -303,9 +292,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1003", - "tactic": "credential-access", - "score": 35, + "techniqueID": "T1484", + "tactic": "defense-evasion", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -314,9 +303,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078", - "tactic": "defense-evasion", - "score": 60, + "techniqueID": "T1484", + "tactic": "privilege-escalation", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -325,9 +314,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078", + "techniqueID": "T1098.001", "tactic": "persistence", - "score": 60, + "score": 3, "color": "", "comment": "", "enabled": true, @@ -336,9 +325,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078", + "techniqueID": "T1098.001", "tactic": "privilege-escalation", - "score": 60, + "score": 3, "color": "", "comment": "", "enabled": true, @@ -347,9 +336,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078", - "tactic": "initial-access", - "score": 60, + "techniqueID": "T1098.005", + "tactic": "persistence", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -358,9 +347,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1548", + "techniqueID": "T1098.005", "tactic": "privilege-escalation", - "score": 20, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -369,8 +358,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1548", - "tactic": "defense-evasion", + "techniqueID": "T1485", + "tactic": "impact", "score": 20, "color": "", "comment": "", @@ -380,9 +369,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1550", - "tactic": "defense-evasion", - "score": 5, + "techniqueID": "T1496", + "tactic": "impact", + "score": 13, "color": "", "comment": "", "enabled": true, @@ -391,9 +380,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1550", - "tactic": "lateral-movement", - "score": 5, + "techniqueID": "T1489", + "tactic": "impact", + "score": 19, "color": "", "comment": "", "enabled": true, @@ -402,9 +391,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1562.001", - "tactic": "defense-evasion", - "score": 118, + "techniqueID": "T1053.003", + "tactic": "execution", + "score": 7, "color": "", "comment": "", "enabled": true, @@ -413,9 +402,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1531", - "tactic": "impact", - "score": 9, + "techniqueID": "T1053.003", + "tactic": "persistence", + "score": 7, "color": "", "comment": "", "enabled": true, @@ -424,9 +413,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1562", - "tactic": "defense-evasion", - "score": 27, + "techniqueID": "T1053.003", + "tactic": "privilege-escalation", + "score": 7, "color": "", "comment": "", "enabled": true, @@ -435,9 +424,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1525", - "tactic": "persistence", - "score": 1, + "techniqueID": "T1552.007", + "tactic": "credential-access", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -446,9 +435,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1580", - "tactic": "discovery", - "score": 1, + "techniqueID": "T1562.004", + "tactic": "defense-evasion", + "score": 29, "color": "", "comment": "", "enabled": true, @@ -457,9 +446,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1619", - "tactic": "discovery", - "score": 1, + "techniqueID": "T1059", + "tactic": "execution", + "score": 95, "color": "", "comment": "", "enabled": true, @@ -468,9 +457,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1608.003", - "tactic": "resource-development", - "score": 1, + "techniqueID": "T1552.001", + "tactic": "credential-access", + "score": 24, "color": "", "comment": "", "enabled": true, @@ -479,9 +468,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.002", + "techniqueID": "T1562.007", "tactic": "defense-evasion", - "score": 2, + "score": 3, "color": "", "comment": "", "enabled": true, @@ -490,9 +479,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.002", - "tactic": "persistence", - "score": 2, + "techniqueID": "T1565.001", + "tactic": "impact", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -501,9 +490,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.002", - "tactic": "privilege-escalation", - "score": 2, + "techniqueID": "T1003", + "tactic": "credential-access", + "score": 35, "color": "", "comment": "", "enabled": true, @@ -512,9 +501,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.002", - "tactic": "initial-access", - "score": 2, + "techniqueID": "T1562", + "tactic": "defense-evasion", + "score": 27, "color": "", "comment": "", "enabled": true, @@ -523,9 +512,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1556", - "tactic": "credential-access", - "score": 12, + "techniqueID": "T1562.001", + "tactic": "defense-evasion", + "score": 118, "color": "", "comment": "", "enabled": true, @@ -534,9 +523,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1556", + "techniqueID": "T1578", "tactic": "defense-evasion", - "score": 12, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -545,9 +534,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1556", - "tactic": "persistence", - "score": 12, + "techniqueID": "T1578.003", + "tactic": "defense-evasion", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -556,9 +545,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1136", - "tactic": "persistence", - "score": 3, + "techniqueID": "T1531", + "tactic": "impact", + "score": 9, "color": "", "comment": "", "enabled": true, @@ -567,9 +556,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1136.003", - "tactic": "persistence", - "score": 3, + "techniqueID": "T1621", + "tactic": "credential-access", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -578,9 +567,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1059.001", - "tactic": "execution", - "score": 217, + "techniqueID": "T1556.006", + "tactic": "credential-access", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -589,9 +578,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1059.003", - "tactic": "execution", - "score": 43, + "techniqueID": "T1556.006", + "tactic": "defense-evasion", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -600,9 +589,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1059.004", - "tactic": "execution", - "score": 14, + "techniqueID": "T1556.006", + "tactic": "persistence", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -611,9 +600,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1098.003", - "tactic": "persistence", - "score": 7, + "techniqueID": "T1087.004", + "tactic": "discovery", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -622,9 +611,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1098.003", - "tactic": "privilege-escalation", - "score": 7, + "techniqueID": "T1526", + "tactic": "discovery", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -633,9 +622,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1552", - "tactic": "credential-access", - "score": 11, + "techniqueID": "T1565", + "tactic": "impact", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -644,9 +633,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1552.007", - "tactic": "credential-access", - "score": 4, + "techniqueID": "T1074", + "tactic": "collection", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -655,9 +644,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1074", - "tactic": "collection", - "score": 2, + "techniqueID": "T1484.002", + "tactic": "defense-evasion", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -666,9 +655,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1140", - "tactic": "defense-evasion", - "score": 18, + "techniqueID": "T1484.002", + "tactic": "privilege-escalation", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -677,9 +666,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1114.003", + "techniqueID": "T1114", "tactic": "collection", - "score": 1, + "score": 4, "color": "", "comment": "", "enabled": true, @@ -688,9 +677,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1090", + "techniqueID": "T1573", "tactic": "command-and-control", - "score": 22, + "score": 6, "color": "", "comment": "", "enabled": true, @@ -699,9 +688,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1589", - "tactic": "reconnaissance", - "score": 2, + "techniqueID": "T1199", + "tactic": "initial-access", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -710,9 +699,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1528", - "tactic": "credential-access", - "score": 14, + "techniqueID": "T1537", + "tactic": "exfiltration", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -721,9 +710,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1606", - "tactic": "credential-access", - "score": 1, + "techniqueID": "T1486", + "tactic": "impact", + "score": 16, "color": "", "comment": "", "enabled": true, @@ -732,9 +721,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1098.001", - "tactic": "persistence", - "score": 3, + "techniqueID": "T1020", + "tactic": "exfiltration", + "score": 9, "color": "", "comment": "", "enabled": true, @@ -743,8 +732,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1098.001", - "tactic": "privilege-escalation", + "techniqueID": "T1136.003", + "tactic": "persistence", "score": 3, "color": "", "comment": "", @@ -754,9 +743,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1484", + "techniqueID": "T1070", "tactic": "defense-evasion", - "score": 1, + "score": 20, "color": "", "comment": "", "enabled": true, @@ -765,9 +754,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1484", - "tactic": "privilege-escalation", - "score": 1, + "techniqueID": "T1550", + "tactic": "defense-evasion", + "score": 5, "color": "", "comment": "", "enabled": true, @@ -776,9 +765,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1098.005", - "tactic": "persistence", - "score": 1, + "techniqueID": "T1550", + "tactic": "lateral-movement", + "score": 5, "color": "", "comment": "", "enabled": true, @@ -787,9 +776,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1098.005", - "tactic": "privilege-escalation", - "score": 1, + "techniqueID": "T1550.001", + "tactic": "defense-evasion", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -798,9 +787,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1059", - "tactic": "execution", - "score": 94, + "techniqueID": "T1550.001", + "tactic": "lateral-movement", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -809,9 +798,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1562.004", - "tactic": "defense-evasion", - "score": 29, + "techniqueID": "T1190", + "tactic": "initial-access", + "score": 145, "color": "", "comment": "", "enabled": true, @@ -820,9 +809,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1496", - "tactic": "impact", - "score": 13, + "techniqueID": "T1059.001", + "tactic": "execution", + "score": 218, "color": "", "comment": "", "enabled": true, @@ -831,9 +820,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1489", - "tactic": "impact", - "score": 19, + "techniqueID": "T1059.003", + "tactic": "execution", + "score": 43, "color": "", "comment": "", "enabled": true, @@ -842,9 +831,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1565.001", - "tactic": "impact", - "score": 6, + "techniqueID": "T1059.004", + "tactic": "execution", + "score": 15, "color": "", "comment": "", "enabled": true, @@ -853,9 +842,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1552.001", - "tactic": "credential-access", - "score": 24, + "techniqueID": "T1059.009", + "tactic": "execution", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -864,8 +853,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1578", - "tactic": "defense-evasion", + "techniqueID": "T1021.007", + "tactic": "lateral-movement", "score": 1, "color": "", "comment": "", @@ -875,9 +864,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1053.003", - "tactic": "execution", - "score": 7, + "techniqueID": "T1562.008", + "tactic": "defense-evasion", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -886,9 +875,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1053.003", - "tactic": "persistence", - "score": 7, + "techniqueID": "T1608.003", + "tactic": "resource-development", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -897,9 +886,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1053.003", - "tactic": "privilege-escalation", - "score": 7, + "techniqueID": "T1525", + "tactic": "persistence", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -908,9 +897,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1578.003", - "tactic": "defense-evasion", - "score": 1, + "techniqueID": "T1566", + "tactic": "initial-access", + "score": 14, "color": "", "comment": "", "enabled": true, @@ -919,8 +908,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1621", - "tactic": "credential-access", + "techniqueID": "T1566.002", + "tactic": "initial-access", "score": 2, "color": "", "comment": "", @@ -930,9 +919,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1556.006", - "tactic": "credential-access", - "score": 3, + "techniqueID": "T1580", + "tactic": "discovery", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -941,9 +930,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1556.006", - "tactic": "defense-evasion", - "score": 3, + "techniqueID": "T1619", + "tactic": "discovery", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -952,9 +941,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1556.006", - "tactic": "persistence", - "score": 3, + "techniqueID": "T1005", + "tactic": "collection", + "score": 12, "color": "", "comment": "", "enabled": true, @@ -963,9 +952,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1526", - "tactic": "discovery", - "score": 3, + "techniqueID": "T1490", + "tactic": "impact", + "score": 26, "color": "", "comment": "", "enabled": true, @@ -974,9 +963,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1573", - "tactic": "command-and-control", - "score": 6, + "techniqueID": "T1136", + "tactic": "persistence", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -985,9 +974,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1114", - "tactic": "collection", - "score": 4, + "techniqueID": "T1078.002", + "tactic": "defense-evasion", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -996,9 +985,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1199", - "tactic": "initial-access", - "score": 1, + "techniqueID": "T1078.002", + "tactic": "persistence", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -1007,9 +996,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1484.002", - "tactic": "defense-evasion", - "score": 1, + "techniqueID": "T1078.002", + "tactic": "privilege-escalation", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -1018,20 +1007,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1484.002", - "tactic": "privilege-escalation", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1071.001", - "tactic": "command-and-control", - "score": 40, + "techniqueID": "T1078.002", + "tactic": "initial-access", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -1040,9 +1018,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1590", - "tactic": "reconnaissance", - "score": 2, + "techniqueID": "T1555", + "tactic": "credential-access", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -1062,20 +1040,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1568", - "tactic": "command-and-control", - "score": 1, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1584", - "tactic": "resource-development", - "score": 4, + "techniqueID": "T1027", + "tactic": "defense-evasion", + "score": 94, "color": "", "comment": "", "enabled": true, @@ -1084,9 +1051,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1567.002", + "techniqueID": "T1567", "tactic": "exfiltration", - "score": 13, + "score": 12, "color": "", "comment": "", "enabled": true, @@ -1095,9 +1062,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1102.001", + "techniqueID": "T1568.002", "tactic": "command-and-control", - "score": 4, + "score": 2, "color": "", "comment": "", "enabled": true, @@ -1106,9 +1073,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1102.003", + "techniqueID": "T1572", "tactic": "command-and-control", - "score": 2, + "score": 24, "color": "", "comment": "", "enabled": true, @@ -1117,9 +1084,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1197", - "tactic": "defense-evasion", - "score": 17, + "techniqueID": "T1102", + "tactic": "command-and-control", + "score": 13, "color": "", "comment": "", "enabled": true, @@ -1128,9 +1095,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1197", - "tactic": "persistence", - "score": 17, + "techniqueID": "T1571", + "tactic": "command-and-control", + "score": 5, "color": "", "comment": "", "enabled": true, @@ -1139,9 +1106,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1203", - "tactic": "execution", - "score": 31, + "techniqueID": "T1082", + "tactic": "discovery", + "score": 33, "color": "", "comment": "", "enabled": true, @@ -1150,9 +1117,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1204.002", - "tactic": "execution", - "score": 32, + "techniqueID": "T1056.001", + "tactic": "collection", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -1161,8 +1128,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1595", - "tactic": "reconnaissance", + "techniqueID": "T1056.001", + "tactic": "credential-access", "score": 3, "color": "", "comment": "", @@ -1172,9 +1139,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1056", + "techniqueID": "T1123", "tactic": "collection", - "score": 2, + "score": 6, "color": "", "comment": "", "enabled": true, @@ -1183,8 +1150,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1056", - "tactic": "credential-access", + "techniqueID": "T1055.009", + "tactic": "defense-evasion", "score": 2, "color": "", "comment": "", @@ -1194,9 +1161,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1102.002", - "tactic": "command-and-control", - "score": 4, + "techniqueID": "T1055.009", + "tactic": "privilege-escalation", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -1205,9 +1172,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1189", - "tactic": "initial-access", - "score": 3, + "techniqueID": "T1201", + "tactic": "discovery", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -1216,9 +1183,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1036.005", - "tactic": "defense-evasion", - "score": 18, + "techniqueID": "T1069.001", + "tactic": "discovery", + "score": 16, "color": "", "comment": "", "enabled": true, @@ -1227,9 +1194,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1505.003", - "tactic": "persistence", - "score": 34, + "techniqueID": "T1007", + "tactic": "discovery", + "score": 11, "color": "", "comment": "", "enabled": true, @@ -1238,9 +1205,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1083", + "techniqueID": "T1033", "tactic": "discovery", - "score": 24, + "score": 31, "color": "", "comment": "", "enabled": true, @@ -1249,9 +1216,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1221", + "techniqueID": "T1222.002", "tactic": "defense-evasion", - "score": 2, + "score": 4, "color": "", "comment": "", "enabled": true, @@ -1260,9 +1227,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1499.004", - "tactic": "impact", - "score": 3, + "techniqueID": "T1059.012", + "tactic": "execution", + "score": 9, "color": "", "comment": "", "enabled": true, @@ -1271,9 +1238,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1210", - "tactic": "lateral-movement", - "score": 15, + "techniqueID": "T1529", + "tactic": "impact", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -1282,9 +1249,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1071.004", - "tactic": "command-and-control", - "score": 17, + "techniqueID": "T1083", + "tactic": "discovery", + "score": 24, "color": "", "comment": "", "enabled": true, @@ -1304,9 +1271,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1567", - "tactic": "exfiltration", - "score": 12, + "techniqueID": "T1133", + "tactic": "persistence", + "score": 19, "color": "", "comment": "", "enabled": true, @@ -1315,9 +1282,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1595.002", - "tactic": "reconnaissance", - "score": 1, + "techniqueID": "T1133", + "tactic": "initial-access", + "score": 19, "color": "", "comment": "", "enabled": true, @@ -1326,9 +1293,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1021.002", - "tactic": "lateral-movement", - "score": 37, + "techniqueID": "T1593.003", + "tactic": "reconnaissance", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -1337,9 +1304,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1003.002", - "tactic": "credential-access", - "score": 26, + "techniqueID": "T1115", + "tactic": "collection", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -1348,9 +1315,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1003.001", - "tactic": "credential-access", - "score": 78, + "techniqueID": "T1564", + "tactic": "defense-evasion", + "score": 10, "color": "", "comment": "", "enabled": true, @@ -1359,9 +1326,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1003.003", - "tactic": "credential-access", - "score": 23, + "techniqueID": "T1070.002", + "tactic": "defense-evasion", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -1370,9 +1337,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1557.001", - "tactic": "credential-access", - "score": 10, + "techniqueID": "T1087.001", + "tactic": "discovery", + "score": 13, "color": "", "comment": "", "enabled": true, @@ -1381,9 +1348,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1557.001", - "tactic": "collection", - "score": 10, + "techniqueID": "T1018", + "tactic": "discovery", + "score": 16, "color": "", "comment": "", "enabled": true, @@ -1392,9 +1359,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1187", - "tactic": "credential-access", - "score": 7, + "techniqueID": "T1203", + "tactic": "execution", + "score": 31, "color": "", "comment": "", "enabled": true, @@ -1403,9 +1370,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1048", - "tactic": "exfiltration", - "score": 11, + "techniqueID": "T1068", + "tactic": "privilege-escalation", + "score": 29, "color": "", "comment": "", "enabled": true, @@ -1414,9 +1381,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1003.004", - "tactic": "credential-access", - "score": 11, + "techniqueID": "T1592.004", + "tactic": "reconnaissance", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -1425,9 +1392,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1569.002", - "tactic": "execution", - "score": 43, + "techniqueID": "T1562.012", + "tactic": "defense-evasion", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -1436,9 +1403,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1095", - "tactic": "command-and-control", - "score": 3, + "techniqueID": "T1070.006", + "tactic": "defense-evasion", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -1447,9 +1414,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1571", - "tactic": "command-and-control", - "score": 5, + "techniqueID": "T1046", + "tactic": "discovery", + "score": 15, "color": "", "comment": "", "enabled": true, @@ -1458,9 +1425,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1021.001", - "tactic": "lateral-movement", - "score": 15, + "techniqueID": "T1587", + "tactic": "resource-development", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -1469,9 +1436,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1047", - "tactic": "execution", - "score": 49, + "techniqueID": "T1070.004", + "tactic": "defense-evasion", + "score": 15, "color": "", "comment": "", "enabled": true, @@ -1480,9 +1447,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1053.002", - "tactic": "execution", - "score": 8, + "techniqueID": "T1653", + "tactic": "persistence", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -1491,9 +1458,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1053.002", - "tactic": "persistence", - "score": 8, + "techniqueID": "T1553.004", + "tactic": "defense-evasion", + "score": 10, "color": "", "comment": "", "enabled": true, @@ -1502,9 +1469,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1053.002", - "tactic": "privilege-escalation", - "score": 8, + "techniqueID": "T1036", + "tactic": "defense-evasion", + "score": 41, "color": "", "comment": "", "enabled": true, @@ -1513,9 +1480,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1558.003", - "tactic": "credential-access", - "score": 17, + "techniqueID": "T1016", + "tactic": "discovery", + "score": 12, "color": "", "comment": "", "enabled": true, @@ -1524,9 +1491,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.004", + "techniqueID": "T1505.003", "tactic": "persistence", - "score": 3, + "score": 34, "color": "", "comment": "", "enabled": true, @@ -1535,9 +1502,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.004", - "tactic": "privilege-escalation", - "score": 3, + "techniqueID": "T1219.002", + "tactic": "command-and-control", + "score": 44, "color": "", "comment": "", "enabled": true, @@ -1546,9 +1513,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1557", - "tactic": "credential-access", - "score": 6, + "techniqueID": "T1049", + "tactic": "discovery", + "score": 9, "color": "", "comment": "", "enabled": true, @@ -1557,9 +1524,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1557", - "tactic": "collection", - "score": 6, + "techniqueID": "T1562.003", + "tactic": "defense-evasion", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -1568,8 +1535,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1495", - "tactic": "impact", + "techniqueID": "T1014", + "tactic": "defense-evasion", "score": 1, "color": "", "comment": "", @@ -1579,8 +1546,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1529", - "tactic": "impact", + "techniqueID": "T1518.001", + "tactic": "discovery", "score": 8, "color": "", "comment": "", @@ -1590,9 +1557,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1136.001", - "tactic": "persistence", - "score": 16, + "techniqueID": "T1548.001", + "tactic": "privilege-escalation", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -1601,9 +1568,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1201", - "tactic": "discovery", - "score": 6, + "techniqueID": "T1548.001", + "tactic": "defense-evasion", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -1612,9 +1579,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1057", - "tactic": "discovery", - "score": 7, + "techniqueID": "T1071.001", + "tactic": "command-and-control", + "score": 40, "color": "", "comment": "", "enabled": true, @@ -1623,9 +1590,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1018", - "tactic": "discovery", - "score": 16, + "techniqueID": "T1053.002", + "tactic": "execution", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -1634,9 +1601,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1082", - "tactic": "discovery", - "score": 33, + "techniqueID": "T1053.002", + "tactic": "persistence", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -1645,9 +1612,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1016", - "tactic": "discovery", - "score": 12, + "techniqueID": "T1053.002", + "tactic": "privilege-escalation", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -1656,9 +1623,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1049", - "tactic": "discovery", - "score": 9, + "techniqueID": "T1574.006", + "tactic": "persistence", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -1667,9 +1634,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1033", - "tactic": "discovery", - "score": 30, + "techniqueID": "T1574.006", + "tactic": "privilege-escalation", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -1678,9 +1645,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1124", - "tactic": "discovery", - "score": 3, + "techniqueID": "T1574.006", + "tactic": "defense-evasion", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -1689,9 +1656,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1070.003", - "tactic": "defense-evasion", - "score": 9, + "techniqueID": "T1136.001", + "tactic": "persistence", + "score": 16, "color": "", "comment": "", "enabled": true, @@ -1700,9 +1667,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1040", - "tactic": "credential-access", - "score": 9, + "techniqueID": "T1204.001", + "tactic": "execution", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -1711,8 +1678,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1040", - "tactic": "discovery", + "techniqueID": "T1070.003", + "tactic": "defense-evasion", "score": 9, "color": "", "comment": "", @@ -1722,9 +1689,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1505", + "techniqueID": "T1543.003", "tactic": "persistence", - "score": 1, + "score": 45, "color": "", "comment": "", "enabled": true, @@ -1733,9 +1700,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1565.002", - "tactic": "impact", - "score": 2, + "techniqueID": "T1543.003", + "tactic": "privilege-escalation", + "score": 45, "color": "", "comment": "", "enabled": true, @@ -1744,9 +1711,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1053", - "tactic": "execution", - "score": 12, + "techniqueID": "T1584", + "tactic": "resource-development", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -1755,9 +1722,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1053", + "techniqueID": "T1547.006", "tactic": "persistence", - "score": 12, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -1766,9 +1733,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1053", + "techniqueID": "T1547.006", "tactic": "privilege-escalation", - "score": 12, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -1777,9 +1744,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1560.001", - "tactic": "collection", - "score": 16, + "techniqueID": "T1030", + "tactic": "exfiltration", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -1788,9 +1755,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1552.003", - "tactic": "credential-access", - "score": 3, + "techniqueID": "T1057", + "tactic": "discovery", + "score": 7, "color": "", "comment": "", "enabled": true, @@ -1799,9 +1766,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1553.004", + "techniqueID": "T1562.006", "tactic": "defense-evasion", - "score": 10, + "score": 5, "color": "", "comment": "", "enabled": true, @@ -1810,9 +1777,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1552.004", - "tactic": "credential-access", - "score": 7, + "techniqueID": "T1499", + "tactic": "impact", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -1821,9 +1788,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1070.004", - "tactic": "defense-evasion", - "score": 15, + "techniqueID": "T1574.001", + "tactic": "persistence", + "score": 89, "color": "", "comment": "", "enabled": true, @@ -1832,9 +1799,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1561.001", - "tactic": "impact", - "score": 1, + "techniqueID": "T1574.001", + "tactic": "privilege-escalation", + "score": 89, "color": "", "comment": "", "enabled": true, @@ -1843,9 +1810,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1561.002", - "tactic": "impact", - "score": 1, + "techniqueID": "T1574.001", + "tactic": "defense-evasion", + "score": 89, "color": "", "comment": "", "enabled": true, @@ -1854,9 +1821,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1087.001", - "tactic": "discovery", - "score": 13, + "techniqueID": "T1106", + "tactic": "execution", + "score": 14, "color": "", "comment": "", "enabled": true, @@ -1865,9 +1832,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1133", + "techniqueID": "T1543.002", "tactic": "persistence", - "score": 19, + "score": 2, "color": "", "comment": "", "enabled": true, @@ -1876,9 +1843,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1133", - "tactic": "initial-access", - "score": 19, + "techniqueID": "T1543.002", + "tactic": "privilege-escalation", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -1887,9 +1854,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1562.002", - "tactic": "defense-evasion", - "score": 26, + "techniqueID": "T1546.004", + "tactic": "privilege-escalation", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -1898,9 +1865,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1548.002", - "tactic": "privilege-escalation", - "score": 54, + "techniqueID": "T1546.004", + "tactic": "persistence", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -1909,9 +1876,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1548.002", + "techniqueID": "T1036.003", "tactic": "defense-evasion", - "score": 54, + "score": 28, "color": "", "comment": "", "enabled": true, @@ -1920,9 +1887,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1218.003", + "techniqueID": "T1027.003", "tactic": "defense-evasion", - "score": 7, + "score": 5, "color": "", "comment": "", "enabled": true, @@ -1931,9 +1898,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1559.001", - "tactic": "execution", - "score": 4, + "techniqueID": "T1552.003", + "tactic": "credential-access", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -1942,9 +1909,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1106", - "tactic": "execution", - "score": 14, + "techniqueID": "T1564.001", + "tactic": "defense-evasion", + "score": 9, "color": "", "comment": "", "enabled": true, @@ -1953,9 +1920,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1021.006", - "tactic": "lateral-movement", - "score": 11, + "techniqueID": "T1040", + "tactic": "credential-access", + "score": 9, "color": "", "comment": "", "enabled": true, @@ -1964,9 +1931,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1055.003", - "tactic": "defense-evasion", - "score": 2, + "techniqueID": "T1040", + "tactic": "discovery", + "score": 9, "color": "", "comment": "", "enabled": true, @@ -1975,9 +1942,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1055.003", - "tactic": "privilege-escalation", - "score": 2, + "techniqueID": "T1113", + "tactic": "collection", + "score": 10, "color": "", "comment": "", "enabled": true, @@ -1986,9 +1953,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1055.011", + "techniqueID": "T1027.001", "tactic": "defense-evasion", - "score": 1, + "score": 3, "color": "", "comment": "", "enabled": true, @@ -1997,9 +1964,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1055.011", - "tactic": "privilege-escalation", - "score": 1, + "techniqueID": "T1560.001", + "tactic": "collection", + "score": 16, "color": "", "comment": "", "enabled": true, @@ -2008,9 +1975,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.011", - "tactic": "privilege-escalation", - "score": 6, + "techniqueID": "T1212", + "tactic": "credential-access", + "score": 5, "color": "", "comment": "", "enabled": true, @@ -2019,9 +1986,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.011", - "tactic": "persistence", - "score": 6, + "techniqueID": "T1588.001", + "tactic": "resource-development", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2030,9 +1997,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1046", - "tactic": "discovery", - "score": 15, + "techniqueID": "T1204", + "tactic": "execution", + "score": 10, "color": "", "comment": "", "enabled": true, @@ -2041,9 +2008,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1518", - "tactic": "discovery", - "score": 4, + "techniqueID": "T1558", + "tactic": "credential-access", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -2052,9 +2019,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1555.003", + "techniqueID": "T1003.001", "tactic": "credential-access", - "score": 8, + "score": 78, "color": "", "comment": "", "enabled": true, @@ -2063,9 +2030,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1615", - "tactic": "discovery", - "score": 5, + "techniqueID": "T1003.002", + "tactic": "credential-access", + "score": 26, "color": "", "comment": "", "enabled": true, @@ -2074,8 +2041,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.005", - "tactic": "persistence", + "techniqueID": "T1588", + "tactic": "resource-development", "score": 2, "color": "", "comment": "", @@ -2085,8 +2052,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.005", - "tactic": "privilege-escalation", + "techniqueID": "T1505.001", + "tactic": "persistence", "score": 2, "color": "", "comment": "", @@ -2096,9 +2063,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.005", - "tactic": "defense-evasion", - "score": 2, + "techniqueID": "T1021.003", + "tactic": "lateral-movement", + "score": 13, "color": "", "comment": "", "enabled": true, @@ -2107,9 +2074,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1564.004", - "tactic": "defense-evasion", - "score": 23, + "techniqueID": "T1047", + "tactic": "execution", + "score": 49, "color": "", "comment": "", "enabled": true, @@ -2118,9 +2085,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1202", - "tactic": "defense-evasion", - "score": 39, + "techniqueID": "T1087", + "tactic": "discovery", + "score": 16, "color": "", "comment": "", "enabled": true, @@ -2129,9 +2096,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1059.005", + "techniqueID": "T1053", "tactic": "execution", - "score": 25, + "score": 12, "color": "", "comment": "", "enabled": true, @@ -2140,9 +2107,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1059.007", - "tactic": "execution", - "score": 21, + "techniqueID": "T1053", + "tactic": "persistence", + "score": 12, "color": "", "comment": "", "enabled": true, @@ -2151,9 +2118,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1649", - "tactic": "credential-access", - "score": 5, + "techniqueID": "T1053", + "tactic": "privilege-escalation", + "score": 12, "color": "", "comment": "", "enabled": true, @@ -2162,9 +2129,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1218.002", - "tactic": "defense-evasion", - "score": 1, + "techniqueID": "T1569.002", + "tactic": "execution", + "score": 43, "color": "", "comment": "", "enabled": true, @@ -2173,9 +2140,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546", - "tactic": "privilege-escalation", - "score": 10, + "techniqueID": "T1112", + "tactic": "defense-evasion", + "score": 92, "color": "", "comment": "", "enabled": true, @@ -2184,9 +2151,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546", + "techniqueID": "T1112", "tactic": "persistence", - "score": 10, + "score": 92, "color": "", "comment": "", "enabled": true, @@ -2195,9 +2162,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1569", - "tactic": "execution", - "score": 4, + "techniqueID": "T1213", + "tactic": "collection", + "score": 7, "color": "", "comment": "", "enabled": true, @@ -2217,9 +2184,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1127", - "tactic": "defense-evasion", - "score": 20, + "techniqueID": "T1498", + "tactic": "impact", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -2228,9 +2195,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1572", - "tactic": "command-and-control", - "score": 24, + "techniqueID": "T1041", + "tactic": "exfiltration", + "score": 5, "color": "", "comment": "", "enabled": true, @@ -2239,9 +2206,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1021.004", - "tactic": "lateral-movement", - "score": 4, + "techniqueID": "T1213.003", + "tactic": "collection", + "score": 5, "color": "", "comment": "", "enabled": true, @@ -2250,9 +2217,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1036", - "tactic": "defense-evasion", - "score": 41, + "techniqueID": "T1195.001", + "tactic": "initial-access", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -2261,9 +2228,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1218", - "tactic": "defense-evasion", - "score": 150, + "techniqueID": "T1567.001", + "tactic": "exfiltration", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -2272,9 +2239,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1012", - "tactic": "discovery", - "score": 14, + "techniqueID": "T1609", + "tactic": "execution", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -2283,9 +2250,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1007", - "tactic": "discovery", - "score": 11, + "techniqueID": "T1611", + "tactic": "privilege-escalation", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -2294,9 +2261,20 @@ "showSubtechniques": false }, { - "techniqueID": "T1482", + "techniqueID": "T1036.005", + "tactic": "defense-evasion", + "score": 18, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1069.003", "tactic": "discovery", - "score": 17, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2305,9 +2283,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1027.010", - "tactic": "defense-evasion", - "score": 8, + "techniqueID": "T1021.004", + "tactic": "lateral-movement", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -2316,9 +2294,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1218.007", - "tactic": "defense-evasion", - "score": 10, + "techniqueID": "T1586", + "tactic": "resource-development", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -2327,9 +2305,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1564.002", - "tactic": "defense-evasion", - "score": 4, + "techniqueID": "T1591.004", + "tactic": "reconnaissance", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -2338,9 +2316,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1037.001", - "tactic": "persistence", - "score": 3, + "techniqueID": "T1003.004", + "tactic": "credential-access", + "score": 11, "color": "", "comment": "", "enabled": true, @@ -2349,9 +2327,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1037.001", - "tactic": "privilege-escalation", - "score": 3, + "techniqueID": "T1003.003", + "tactic": "credential-access", + "score": 23, "color": "", "comment": "", "enabled": true, @@ -2360,9 +2338,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1053.005", - "tactic": "execution", - "score": 51, + "techniqueID": "T1048", + "tactic": "exfiltration", + "score": 11, "color": "", "comment": "", "enabled": true, @@ -2371,9 +2349,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1053.005", - "tactic": "persistence", - "score": 51, + "techniqueID": "T1021.002", + "tactic": "lateral-movement", + "score": 37, "color": "", "comment": "", "enabled": true, @@ -2382,9 +2360,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1053.005", - "tactic": "privilege-escalation", - "score": 51, + "techniqueID": "T1557.001", + "tactic": "credential-access", + "score": 10, "color": "", "comment": "", "enabled": true, @@ -2393,9 +2371,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1218.011", - "tactic": "defense-evasion", - "score": 43, + "techniqueID": "T1557.001", + "tactic": "collection", + "score": 10, "color": "", "comment": "", "enabled": true, @@ -2404,9 +2382,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1218.008", - "tactic": "defense-evasion", - "score": 8, + "techniqueID": "T1187", + "tactic": "credential-access", + "score": 7, "color": "", "comment": "", "enabled": true, @@ -2415,9 +2393,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1216", - "tactic": "defense-evasion", - "score": 13, + "techniqueID": "T1021.001", + "tactic": "lateral-movement", + "score": 15, "color": "", "comment": "", "enabled": true, @@ -2426,9 +2404,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1185", - "tactic": "collection", - "score": 2, + "techniqueID": "T1095", + "tactic": "command-and-control", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -2437,9 +2415,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1036.003", - "tactic": "defense-evasion", - "score": 28, + "techniqueID": "T1547.004", + "tactic": "persistence", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -2448,9 +2426,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1134.002", - "tactic": "defense-evasion", - "score": 6, + "techniqueID": "T1547.004", + "tactic": "privilege-escalation", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -2459,9 +2437,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1134.002", - "tactic": "privilege-escalation", - "score": 6, + "techniqueID": "T1558.003", + "tactic": "credential-access", + "score": 17, "color": "", "comment": "", "enabled": true, @@ -2470,9 +2448,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1218.005", - "tactic": "defense-evasion", - "score": 8, + "techniqueID": "T1595.002", + "tactic": "reconnaissance", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2481,9 +2459,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1003.005", - "tactic": "credential-access", - "score": 8, + "techniqueID": "T1071.004", + "tactic": "command-and-control", + "score": 17, "color": "", "comment": "", "enabled": true, @@ -2492,9 +2470,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1218.010", - "tactic": "defense-evasion", - "score": 19, + "techniqueID": "T1102.002", + "tactic": "command-and-control", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -2503,9 +2481,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1212", - "tactic": "credential-access", - "score": 5, + "techniqueID": "T1495", + "tactic": "impact", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2514,9 +2492,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1119", - "tactic": "collection", - "score": 5, + "techniqueID": "T1505", + "tactic": "persistence", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2525,8 +2503,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1563.002", - "tactic": "lateral-movement", + "techniqueID": "T1565.002", + "tactic": "impact", "score": 2, "color": "", "comment": "", @@ -2536,9 +2514,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1222.001", - "tactic": "defense-evasion", - "score": 5, + "techniqueID": "T1552.004", + "tactic": "credential-access", + "score": 7, "color": "", "comment": "", "enabled": true, @@ -2547,9 +2525,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1539", - "tactic": "credential-access", - "score": 2, + "techniqueID": "T1561.001", + "tactic": "impact", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2558,9 +2536,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1027", - "tactic": "defense-evasion", - "score": 94, + "techniqueID": "T1561.002", + "tactic": "impact", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2569,9 +2547,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1218.009", - "tactic": "defense-evasion", - "score": 4, + "techniqueID": "T1124", + "tactic": "discovery", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -2580,9 +2558,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1134.001", - "tactic": "defense-evasion", - "score": 9, + "techniqueID": "T1557", + "tactic": "credential-access", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -2591,9 +2569,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1134.001", - "tactic": "privilege-escalation", - "score": 9, + "techniqueID": "T1557", + "tactic": "collection", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -2602,9 +2580,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1134.003", - "tactic": "defense-evasion", - "score": 3, + "techniqueID": "T1037.005", + "tactic": "persistence", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2613,9 +2591,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1134.003", + "techniqueID": "T1037.005", "tactic": "privilege-escalation", - "score": 3, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2624,9 +2602,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1112", - "tactic": "defense-evasion", - "score": 92, + "techniqueID": "T1546.014", + "tactic": "privilege-escalation", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2635,9 +2613,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1112", + "techniqueID": "T1546.014", "tactic": "persistence", - "score": 92, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2646,7 +2624,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1220", + "techniqueID": "T1078.003", "tactic": "defense-evasion", "score": 5, "color": "", @@ -2657,9 +2635,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1087.002", - "tactic": "discovery", - "score": 21, + "techniqueID": "T1078.003", + "tactic": "persistence", + "score": 5, "color": "", "comment": "", "enabled": true, @@ -2668,9 +2646,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1069.002", - "tactic": "discovery", - "score": 15, + "techniqueID": "T1078.003", + "tactic": "privilege-escalation", + "score": 5, "color": "", "comment": "", "enabled": true, @@ -2679,9 +2657,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1217", - "tactic": "discovery", - "score": 4, + "techniqueID": "T1078.003", + "tactic": "initial-access", + "score": 5, "color": "", "comment": "", "enabled": true, @@ -2690,9 +2668,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.001", - "tactic": "persistence", - "score": 89, + "techniqueID": "T1569.001", + "tactic": "execution", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2701,9 +2679,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.001", - "tactic": "privilege-escalation", - "score": 89, + "techniqueID": "T1543.001", + "tactic": "persistence", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -2712,9 +2690,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.001", - "tactic": "defense-evasion", - "score": 89, + "techniqueID": "T1543.001", + "tactic": "privilege-escalation", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -2723,9 +2701,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1132.001", - "tactic": "command-and-control", - "score": 4, + "techniqueID": "T1543.004", + "tactic": "persistence", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -2734,9 +2712,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1219.002", - "tactic": "command-and-control", - "score": 44, + "techniqueID": "T1543.004", + "tactic": "privilege-escalation", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -2745,9 +2723,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1036.004", + "techniqueID": "T1218", "tactic": "defense-evasion", - "score": 3, + "score": 150, "color": "", "comment": "", "enabled": true, @@ -2756,9 +2734,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1587.001", - "tactic": "resource-development", - "score": 11, + "techniqueID": "T1564.004", + "tactic": "defense-evasion", + "score": 23, "color": "", "comment": "", "enabled": true, @@ -2767,9 +2745,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1134", - "tactic": "defense-evasion", - "score": 2, + "techniqueID": "T1189", + "tactic": "initial-access", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -2778,9 +2756,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1134", - "tactic": "privilege-escalation", - "score": 2, + "techniqueID": "T1564.002", + "tactic": "defense-evasion", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -2789,9 +2767,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1552.002", + "techniqueID": "T1555.001", "tactic": "credential-access", - "score": 5, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2800,9 +2778,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1090.001", - "tactic": "command-and-control", - "score": 6, + "techniqueID": "T1497.001", + "tactic": "defense-evasion", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -2811,9 +2789,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1543.003", - "tactic": "persistence", - "score": 45, + "techniqueID": "T1497.001", + "tactic": "discovery", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -2822,9 +2800,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1543.003", - "tactic": "privilege-escalation", - "score": 45, + "techniqueID": "T1566.001", + "tactic": "initial-access", + "score": 23, "color": "", "comment": "", "enabled": true, @@ -2833,9 +2811,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1588.002", - "tactic": "resource-development", - "score": 9, + "techniqueID": "T1059.002", + "tactic": "execution", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -2844,9 +2822,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1566.001", - "tactic": "initial-access", - "score": 23, + "techniqueID": "T1056.002", + "tactic": "collection", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -2855,9 +2833,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1614.001", - "tactic": "discovery", - "score": 1, + "techniqueID": "T1056.002", + "tactic": "credential-access", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -2866,9 +2844,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1135", - "tactic": "discovery", - "score": 7, + "techniqueID": "T1078.001", + "tactic": "defense-evasion", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -2877,8 +2855,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1219", - "tactic": "command-and-control", + "techniqueID": "T1078.001", + "tactic": "persistence", "score": 4, "color": "", "comment": "", @@ -2888,8 +2866,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1074.001", - "tactic": "collection", + "techniqueID": "T1078.001", + "tactic": "privilege-escalation", "score": 4, "color": "", "comment": "", @@ -2899,9 +2877,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1113", - "tactic": "collection", - "score": 10, + "techniqueID": "T1078.001", + "tactic": "initial-access", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -2910,9 +2888,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1564.003", + "techniqueID": "T1036.006", "tactic": "defense-evasion", - "score": 7, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2921,9 +2899,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1564.001", - "tactic": "defense-evasion", - "score": 9, + "techniqueID": "T1137.002", + "tactic": "persistence", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -2932,9 +2910,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1518.001", - "tactic": "discovery", - "score": 8, + "techniqueID": "T1204.002", + "tactic": "execution", + "score": 32, "color": "", "comment": "", "enabled": true, @@ -2943,9 +2921,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1087", - "tactic": "discovery", - "score": 16, + "techniqueID": "T1553", + "tactic": "defense-evasion", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -2954,9 +2932,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1069.001", - "tactic": "discovery", - "score": 16, + "techniqueID": "T1059.007", + "tactic": "execution", + "score": 21, "color": "", "comment": "", "enabled": true, @@ -2965,9 +2943,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1069", - "tactic": "discovery", - "score": 3, + "techniqueID": "T1071", + "tactic": "command-and-control", + "score": 7, "color": "", "comment": "", "enabled": true, @@ -2976,9 +2954,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1068", - "tactic": "privilege-escalation", - "score": 29, + "techniqueID": "T1553.001", + "tactic": "defense-evasion", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2987,9 +2965,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.008", - "tactic": "persistence", - "score": 2, + "techniqueID": "T1586.003", + "tactic": "resource-development", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -2998,8 +2976,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.008", - "tactic": "privilege-escalation", + "techniqueID": "T1590", + "tactic": "reconnaissance", "score": 2, "color": "", "comment": "", @@ -3009,9 +2987,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.008", + "techniqueID": "T1197", "tactic": "defense-evasion", - "score": 2, + "score": 17, "color": "", "comment": "", "enabled": true, @@ -3020,9 +2998,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547", + "techniqueID": "T1197", "tactic": "persistence", - "score": 7, + "score": 17, "color": "", "comment": "", "enabled": true, @@ -3031,9 +3009,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547", - "tactic": "privilege-escalation", - "score": 7, + "techniqueID": "T1102.001", + "tactic": "command-and-control", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -3042,9 +3020,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.011", - "tactic": "persistence", - "score": 11, + "techniqueID": "T1102.003", + "tactic": "command-and-control", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -3053,9 +3031,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.011", - "tactic": "privilege-escalation", - "score": 11, + "techniqueID": "T1568", + "tactic": "command-and-control", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -3064,9 +3042,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.011", - "tactic": "defense-evasion", - "score": 11, + "techniqueID": "T1595", + "tactic": "reconnaissance", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -3075,9 +3053,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1218.001", - "tactic": "defense-evasion", - "score": 6, + "techniqueID": "T1567.002", + "tactic": "exfiltration", + "score": 13, "color": "", "comment": "", "enabled": true, @@ -3086,8 +3064,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1620", - "tactic": "defense-evasion", + "techniqueID": "T1056", + "tactic": "collection", "score": 2, "color": "", "comment": "", @@ -3097,9 +3075,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1070.005", - "tactic": "defense-evasion", - "score": 4, + "techniqueID": "T1056", + "tactic": "credential-access", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -3108,9 +3086,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.015", - "tactic": "privilege-escalation", - "score": 9, + "techniqueID": "T1221", + "tactic": "defense-evasion", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -3119,9 +3097,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.015", - "tactic": "persistence", - "score": 9, + "techniqueID": "T1499.004", + "tactic": "impact", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -3130,9 +3108,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1048.001", - "tactic": "exfiltration", - "score": 1, + "techniqueID": "T1210", + "tactic": "lateral-movement", + "score": 15, "color": "", "comment": "", "enabled": true, @@ -3141,9 +3119,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1542.001", - "tactic": "persistence", - "score": 2, + "techniqueID": "T1127", + "tactic": "defense-evasion", + "score": 20, "color": "", "comment": "", "enabled": true, @@ -3152,9 +3130,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1542.001", + "techniqueID": "T1055.001", "tactic": "defense-evasion", - "score": 2, + "score": 8, "color": "", "comment": "", "enabled": true, @@ -3163,9 +3141,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1555.004", - "tactic": "credential-access", - "score": 4, + "techniqueID": "T1055.001", + "tactic": "privilege-escalation", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -3174,9 +3152,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1059.006", - "tactic": "execution", - "score": 8, + "techniqueID": "T1218.011", + "tactic": "defense-evasion", + "score": 43, "color": "", "comment": "", "enabled": true, @@ -3185,9 +3163,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1110.002", - "tactic": "credential-access", - "score": 1, + "techniqueID": "T1055", + "tactic": "defense-evasion", + "score": 33, "color": "", "comment": "", "enabled": true, @@ -3196,9 +3174,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1027.004", - "tactic": "defense-evasion", - "score": 6, + "techniqueID": "T1055", + "tactic": "privilege-escalation", + "score": 33, "color": "", "comment": "", "enabled": true, @@ -3207,9 +3185,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1123", - "tactic": "collection", - "score": 6, + "techniqueID": "T1055.003", + "tactic": "defense-evasion", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -3218,9 +3196,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.003", + "techniqueID": "T1055.003", "tactic": "privilege-escalation", - "score": 12, + "score": 2, "color": "", "comment": "", "enabled": true, @@ -3229,9 +3207,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.003", - "tactic": "persistence", - "score": 12, + "techniqueID": "T1055.012", + "tactic": "defense-evasion", + "score": 5, "color": "", "comment": "", "enabled": true, @@ -3240,9 +3218,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.008", + "techniqueID": "T1055.012", "tactic": "privilege-escalation", - "score": 6, + "score": 5, "color": "", "comment": "", "enabled": true, @@ -3251,9 +3229,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.008", - "tactic": "persistence", - "score": 6, + "techniqueID": "T1059.005", + "tactic": "execution", + "score": 25, "color": "", "comment": "", "enabled": true, @@ -3262,9 +3240,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1505.002", - "tactic": "persistence", - "score": 3, + "techniqueID": "T1218.005", + "tactic": "defense-evasion", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -3273,9 +3251,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1556.002", + "techniqueID": "T1555.005", "tactic": "credential-access", - "score": 3, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -3284,8 +3262,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1556.002", - "tactic": "defense-evasion", + "techniqueID": "T1554", + "tactic": "persistence", "score": 3, "color": "", "comment": "", @@ -3295,9 +3273,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1556.002", - "tactic": "persistence", - "score": 3, + "techniqueID": "T1482", + "tactic": "discovery", + "score": 17, "color": "", "comment": "", "enabled": true, @@ -3306,9 +3284,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1072", - "tactic": "execution", - "score": 4, + "techniqueID": "T1090.003", + "tactic": "command-and-control", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -3317,8 +3295,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1072", - "tactic": "lateral-movement", + "techniqueID": "T1559.001", + "tactic": "execution", "score": 4, "color": "", "comment": "", @@ -3328,9 +3306,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1216.001", + "techniqueID": "T1218.010", "tactic": "defense-evasion", - "score": 2, + "score": 19, "color": "", "comment": "", "enabled": true, @@ -3339,9 +3317,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1204", - "tactic": "execution", - "score": 10, + "techniqueID": "T1003.005", + "tactic": "credential-access", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -3350,9 +3328,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1552.006", - "tactic": "credential-access", - "score": 6, + "techniqueID": "T1134.001", + "tactic": "defense-evasion", + "score": 9, "color": "", "comment": "", "enabled": true, @@ -3361,9 +3339,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.001", - "tactic": "persistence", - "score": 38, + "techniqueID": "T1134.001", + "tactic": "privilege-escalation", + "score": 9, "color": "", "comment": "", "enabled": true, @@ -3372,9 +3350,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.001", + "techniqueID": "T1546.003", "tactic": "privilege-escalation", - "score": 38, + "score": 12, "color": "", "comment": "", "enabled": true, @@ -3383,9 +3361,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1120", - "tactic": "discovery", - "score": 2, + "techniqueID": "T1546.003", + "tactic": "persistence", + "score": 12, "color": "", "comment": "", "enabled": true, @@ -3394,7 +3372,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1027.005", + "techniqueID": "T1550.003", "tactic": "defense-evasion", "score": 4, "color": "", @@ -3405,9 +3383,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1021.003", + "techniqueID": "T1550.003", "tactic": "lateral-movement", - "score": 13, + "score": 4, "color": "", "comment": "", "enabled": true, @@ -3416,9 +3394,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1570", - "tactic": "lateral-movement", - "score": 5, + "techniqueID": "T1218.003", + "tactic": "defense-evasion", + "score": 7, "color": "", "comment": "", "enabled": true, @@ -3427,9 +3405,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1176.001", - "tactic": "persistence", - "score": 2, + "techniqueID": "T1127.001", + "tactic": "defense-evasion", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -3438,9 +3416,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1055", + "techniqueID": "T1218.009", "tactic": "defense-evasion", - "score": 33, + "score": 4, "color": "", "comment": "", "enabled": true, @@ -3449,9 +3427,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1055", - "tactic": "privilege-escalation", - "score": 33, + "techniqueID": "T1021.006", + "tactic": "lateral-movement", + "score": 11, "color": "", "comment": "", "enabled": true, @@ -3460,9 +3438,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1204.004", - "tactic": "execution", - "score": 6, + "techniqueID": "T1090.002", + "tactic": "command-and-control", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -3471,9 +3449,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1102", - "tactic": "command-and-control", - "score": 13, + "techniqueID": "T1562.002", + "tactic": "defense-evasion", + "score": 26, "color": "", "comment": "", "enabled": true, @@ -3482,9 +3460,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1036.007", + "techniqueID": "T1055.011", "tactic": "defense-evasion", - "score": 3, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -3493,9 +3471,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1027.009", - "tactic": "defense-evasion", - "score": 2, + "techniqueID": "T1055.011", + "tactic": "privilege-escalation", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -3504,9 +3482,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1593.003", - "tactic": "reconnaissance", - "score": 2, + "techniqueID": "T1548.002", + "tactic": "privilege-escalation", + "score": 54, "color": "", "comment": "", "enabled": true, @@ -3515,9 +3493,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1115", - "tactic": "collection", - "score": 8, + "techniqueID": "T1548.002", + "tactic": "defense-evasion", + "score": 54, "color": "", "comment": "", "enabled": true, @@ -3526,9 +3504,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1211", - "tactic": "defense-evasion", - "score": 4, + "techniqueID": "T1543", + "tactic": "persistence", + "score": 9, "color": "", "comment": "", "enabled": true, @@ -3537,9 +3515,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1204.001", - "tactic": "execution", - "score": 4, + "techniqueID": "T1543", + "tactic": "privilege-escalation", + "score": 9, "color": "", "comment": "", "enabled": true, @@ -3548,9 +3526,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1564", + "techniqueID": "T1599.001", "tactic": "defense-evasion", - "score": 10, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -3559,8 +3537,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1608", - "tactic": "resource-development", + "techniqueID": "T1218.014", + "tactic": "defense-evasion", "score": 2, "color": "", "comment": "", @@ -3570,9 +3548,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1055.001", + "techniqueID": "T1220", "tactic": "defense-evasion", - "score": 8, + "score": 5, "color": "", "comment": "", "enabled": true, @@ -3581,9 +3559,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1055.001", - "tactic": "privilege-escalation", - "score": 8, + "techniqueID": "T1574.007", + "tactic": "persistence", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -3592,8 +3570,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1218.013", - "tactic": "defense-evasion", + "techniqueID": "T1574.007", + "tactic": "privilege-escalation", "score": 2, "color": "", "comment": "", @@ -3603,9 +3581,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1484.001", + "techniqueID": "T1574.007", "tactic": "defense-evasion", - "score": 6, + "score": 2, "color": "", "comment": "", "enabled": true, @@ -3614,9 +3592,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1484.001", - "tactic": "privilege-escalation", - "score": 6, + "techniqueID": "T1027.002", + "tactic": "defense-evasion", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -3625,9 +3603,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1587", - "tactic": "resource-development", - "score": 6, + "techniqueID": "T1202", + "tactic": "defense-evasion", + "score": 39, "color": "", "comment": "", "enabled": true, @@ -3636,9 +3614,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1071", - "tactic": "command-and-control", - "score": 7, + "techniqueID": "T1129", + "tactic": "execution", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -3647,8 +3625,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.007", - "tactic": "privilege-escalation", + "techniqueID": "T1518", + "tactic": "discovery", "score": 4, "color": "", "comment": "", @@ -3658,9 +3636,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.007", - "tactic": "persistence", - "score": 4, + "techniqueID": "T1588.002", + "tactic": "resource-development", + "score": 9, "color": "", "comment": "", "enabled": true, @@ -3669,9 +3647,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1543", - "tactic": "persistence", - "score": 9, + "techniqueID": "T1070.001", + "tactic": "defense-evasion", + "score": 7, "color": "", "comment": "", "enabled": true, @@ -3680,9 +3658,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1543", - "tactic": "privilege-escalation", - "score": 9, + "techniqueID": "T1218.001", + "tactic": "defense-evasion", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -3691,8 +3669,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1553", - "tactic": "defense-evasion", + "techniqueID": "T1546.002", + "tactic": "privilege-escalation", "score": 4, "color": "", "comment": "", @@ -3702,8 +3680,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1560", - "tactic": "collection", + "techniqueID": "T1546.002", + "tactic": "persistence", "score": 4, "color": "", "comment": "", @@ -3713,9 +3691,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1070.001", - "tactic": "defense-evasion", - "score": 7, + "techniqueID": "T1587.001", + "tactic": "resource-development", + "score": 11, "color": "", "comment": "", "enabled": true, @@ -3724,9 +3702,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1505.004", - "tactic": "persistence", - "score": 5, + "techniqueID": "T1074.001", + "tactic": "collection", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -3735,9 +3713,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1090.003", - "tactic": "command-and-control", - "score": 3, + "techniqueID": "T1027.004", + "tactic": "defense-evasion", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -3746,9 +3724,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1055.012", - "tactic": "defense-evasion", - "score": 5, + "techniqueID": "T1574.011", + "tactic": "persistence", + "score": 11, "color": "", "comment": "", "enabled": true, @@ -3757,9 +3735,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1055.012", + "techniqueID": "T1574.011", "tactic": "privilege-escalation", - "score": 5, + "score": 11, "color": "", "comment": "", "enabled": true, @@ -3768,9 +3746,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1218.014", + "techniqueID": "T1574.011", "tactic": "defense-evasion", - "score": 2, + "score": 11, "color": "", "comment": "", "enabled": true, @@ -3779,9 +3757,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1036.002", - "tactic": "defense-evasion", - "score": 3, + "techniqueID": "T1012", + "tactic": "discovery", + "score": 14, "color": "", "comment": "", "enabled": true, @@ -3790,9 +3768,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1505.005", + "techniqueID": "T1574.008", "tactic": "persistence", - "score": 1, + "score": 2, "color": "", "comment": "", "enabled": true, @@ -3801,8 +3779,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.007", - "tactic": "persistence", + "techniqueID": "T1574.008", + "tactic": "privilege-escalation", "score": 2, "color": "", "comment": "", @@ -3812,8 +3790,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.007", - "tactic": "privilege-escalation", + "techniqueID": "T1574.008", + "tactic": "defense-evasion", "score": 2, "color": "", "comment": "", @@ -3823,7 +3801,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.007", + "techniqueID": "T1027.009", "tactic": "defense-evasion", "score": 2, "color": "", @@ -3834,9 +3812,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.014", - "tactic": "persistence", - "score": 1, + "techniqueID": "T1087.002", + "tactic": "discovery", + "score": 21, "color": "", "comment": "", "enabled": true, @@ -3845,9 +3823,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.014", - "tactic": "privilege-escalation", - "score": 1, + "techniqueID": "T1090.001", + "tactic": "command-and-control", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -3856,9 +3834,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.010", - "tactic": "persistence", - "score": 4, + "techniqueID": "T1216", + "tactic": "defense-evasion", + "score": 13, "color": "", "comment": "", "enabled": true, @@ -3867,9 +3845,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.010", - "tactic": "privilege-escalation", - "score": 4, + "techniqueID": "T1615", + "tactic": "discovery", + "score": 5, "color": "", "comment": "", "enabled": true, @@ -3878,9 +3856,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.002", - "tactic": "persistence", - "score": 1, + "techniqueID": "T1546.011", + "tactic": "privilege-escalation", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -3889,9 +3867,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.002", - "tactic": "privilege-escalation", - "score": 1, + "techniqueID": "T1546.011", + "tactic": "persistence", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -3900,9 +3878,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1590.001", - "tactic": "reconnaissance", - "score": 1, + "techniqueID": "T1552.002", + "tactic": "credential-access", + "score": 5, "color": "", "comment": "", "enabled": true, @@ -3911,9 +3889,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1056.002", - "tactic": "collection", - "score": 3, + "techniqueID": "T1072", + "tactic": "execution", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -3922,9 +3900,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1056.002", - "tactic": "credential-access", - "score": 3, + "techniqueID": "T1072", + "tactic": "lateral-movement", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -3933,9 +3911,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1039", - "tactic": "collection", - "score": 2, + "techniqueID": "T1218.008", + "tactic": "defense-evasion", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -3944,9 +3922,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.001", - "tactic": "privilege-escalation", - "score": 3, + "techniqueID": "T1048.001", + "tactic": "exfiltration", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -3955,9 +3933,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.001", - "tactic": "persistence", - "score": 3, + "techniqueID": "T1132.001", + "tactic": "command-and-control", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -3966,9 +3944,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1021.005", - "tactic": "lateral-movement", - "score": 1, + "techniqueID": "T1547.001", + "tactic": "persistence", + "score": 38, "color": "", "comment": "", "enabled": true, @@ -3977,9 +3955,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1550.003", - "tactic": "defense-evasion", - "score": 4, + "techniqueID": "T1547.001", + "tactic": "privilege-escalation", + "score": 38, "color": "", "comment": "", "enabled": true, @@ -3988,9 +3966,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1550.003", - "tactic": "lateral-movement", - "score": 4, + "techniqueID": "T1505.005", + "tactic": "persistence", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -3999,9 +3977,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1622", - "tactic": "defense-evasion", - "score": 1, + "techniqueID": "T1556.002", + "tactic": "credential-access", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -4010,9 +3988,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1622", - "tactic": "discovery", - "score": 1, + "techniqueID": "T1556.002", + "tactic": "defense-evasion", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -4021,8 +3999,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1110.001", - "tactic": "credential-access", + "techniqueID": "T1556.002", + "tactic": "persistence", "score": 3, "color": "", "comment": "", @@ -4032,9 +4010,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1562.006", - "tactic": "defense-evasion", - "score": 5, + "techniqueID": "T1546.008", + "tactic": "privilege-escalation", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -4043,9 +4021,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1562.010", - "tactic": "defense-evasion", - "score": 1, + "techniqueID": "T1546.008", + "tactic": "persistence", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -4054,8 +4032,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1491.001", - "tactic": "impact", + "techniqueID": "T1546.007", + "tactic": "privilege-escalation", "score": 4, "color": "", "comment": "", @@ -4065,9 +4043,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1027.003", - "tactic": "defense-evasion", - "score": 5, + "techniqueID": "T1546.007", + "tactic": "persistence", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -4076,9 +4054,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574", + "techniqueID": "T1547.014", "tactic": "persistence", - "score": 8, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -4087,9 +4065,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574", + "techniqueID": "T1547.014", "tactic": "privilege-escalation", - "score": 8, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -4098,9 +4076,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574", - "tactic": "defense-evasion", - "score": 8, + "techniqueID": "T1547.010", + "tactic": "persistence", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -4109,9 +4087,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1564.006", - "tactic": "defense-evasion", - "score": 2, + "techniqueID": "T1547.010", + "tactic": "privilege-escalation", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -4120,9 +4098,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.002", - "tactic": "privilege-escalation", - "score": 4, + "techniqueID": "T1547.002", + "tactic": "persistence", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -4131,9 +4109,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.002", - "tactic": "persistence", - "score": 4, + "techniqueID": "T1547.002", + "tactic": "privilege-escalation", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -4142,9 +4120,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1134.004", + "techniqueID": "T1564.006", "tactic": "defense-evasion", - "score": 1, + "score": 2, "color": "", "comment": "", "enabled": true, @@ -4153,9 +4131,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1134.004", - "tactic": "privilege-escalation", - "score": 1, + "techniqueID": "T1069.002", + "tactic": "discovery", + "score": 15, "color": "", "comment": "", "enabled": true, @@ -4164,9 +4142,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1003.006", - "tactic": "credential-access", - "score": 7, + "techniqueID": "T1053.005", + "tactic": "execution", + "score": 51, "color": "", "comment": "", "enabled": true, @@ -4175,9 +4153,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1542.003", + "techniqueID": "T1053.005", "tactic": "persistence", - "score": 1, + "score": 51, "color": "", "comment": "", "enabled": true, @@ -4186,9 +4164,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1542.003", - "tactic": "defense-evasion", - "score": 1, + "techniqueID": "T1053.005", + "tactic": "privilege-escalation", + "score": 51, "color": "", "comment": "", "enabled": true, @@ -4197,9 +4175,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1567.001", - "tactic": "exfiltration", - "score": 2, + "techniqueID": "T1027.005", + "tactic": "defense-evasion", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -4208,7 +4186,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1127.001", + "techniqueID": "T1218.002", "tactic": "defense-evasion", "score": 1, "color": "", @@ -4219,9 +4197,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1568.002", - "tactic": "command-and-control", - "score": 2, + "techniqueID": "T1546", + "tactic": "privilege-escalation", + "score": 10, "color": "", "comment": "", "enabled": true, @@ -4230,9 +4208,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1041", - "tactic": "exfiltration", - "score": 5, + "techniqueID": "T1546", + "tactic": "persistence", + "score": 10, "color": "", "comment": "", "enabled": true, @@ -4241,9 +4219,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1090.002", - "tactic": "command-and-control", - "score": 2, + "techniqueID": "T1204.004", + "tactic": "execution", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -4252,9 +4230,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1558", - "tactic": "credential-access", - "score": 6, + "techniqueID": "T1027.010", + "tactic": "defense-evasion", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -4263,9 +4241,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1554", - "tactic": "persistence", - "score": 3, + "techniqueID": "T1562.010", + "tactic": "defense-evasion", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -4274,9 +4252,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1555.005", - "tactic": "credential-access", - "score": 1, + "techniqueID": "T1134.002", + "tactic": "defense-evasion", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -4285,9 +4263,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1129", - "tactic": "execution", - "score": 2, + "techniqueID": "T1134.002", + "tactic": "privilege-escalation", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -4296,9 +4274,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1027.002", - "tactic": "defense-evasion", - "score": 1, + "techniqueID": "T1219", + "tactic": "command-and-control", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -4307,9 +4285,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1599.001", + "techniqueID": "T1218.013", "tactic": "defense-evasion", - "score": 1, + "score": 2, "color": "", "comment": "", "enabled": true, @@ -4318,9 +4296,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1006", + "techniqueID": "T1564.003", "tactic": "defense-evasion", - "score": 1, + "score": 7, "color": "", "comment": "", "enabled": true, @@ -4329,9 +4307,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1070.006", - "tactic": "defense-evasion", - "score": 6, + "techniqueID": "T1555.003", + "tactic": "credential-access", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -4340,9 +4318,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.009", + "techniqueID": "T1547", "tactic": "persistence", - "score": 4, + "score": 7, "color": "", "comment": "", "enabled": true, @@ -4351,9 +4329,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.009", + "techniqueID": "T1547", "tactic": "privilege-escalation", - "score": 4, + "score": 7, "color": "", "comment": "", "enabled": true, @@ -4362,9 +4340,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1001.003", - "tactic": "command-and-control", - "score": 2, + "techniqueID": "T1218.007", + "tactic": "defense-evasion", + "score": 10, "color": "", "comment": "", "enabled": true, @@ -4373,9 +4351,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1137", + "techniqueID": "T1574.005", "tactic": "persistence", - "score": 9, + "score": 2, "color": "", "comment": "", "enabled": true, @@ -4384,9 +4362,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1008", - "tactic": "command-and-control", - "score": 4, + "techniqueID": "T1574.005", + "tactic": "privilege-escalation", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -4395,9 +4373,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1136.002", - "tactic": "persistence", - "score": 3, + "techniqueID": "T1574.005", + "tactic": "defense-evasion", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -4406,9 +4384,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.013", - "tactic": "privilege-escalation", - "score": 3, + "techniqueID": "T1491.001", + "tactic": "impact", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -4417,8 +4395,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.013", - "tactic": "persistence", + "techniqueID": "T1546.001", + "tactic": "privilege-escalation", "score": 3, "color": "", "comment": "", @@ -4428,9 +4406,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1137.006", + "techniqueID": "T1546.001", "tactic": "persistence", - "score": 4, + "score": 3, "color": "", "comment": "", "enabled": true, @@ -4439,9 +4417,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1195", - "tactic": "initial-access", - "score": 1, + "techniqueID": "T1608", + "tactic": "resource-development", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -4450,8 +4428,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1195.001", - "tactic": "initial-access", + "techniqueID": "T1539", + "tactic": "credential-access", "score": 2, "color": "", "comment": "", @@ -4461,9 +4439,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1137.003", - "tactic": "persistence", - "score": 1, + "techniqueID": "T1211", + "tactic": "defense-evasion", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -4472,9 +4450,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.015", - "tactic": "persistence", - "score": 1, + "techniqueID": "T1563.002", + "tactic": "lateral-movement", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -4483,9 +4461,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.015", - "tactic": "privilege-escalation", - "score": 1, + "techniqueID": "T1552.006", + "tactic": "credential-access", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -4494,9 +4472,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1553.005", - "tactic": "defense-evasion", - "score": 3, + "techniqueID": "T1560", + "tactic": "collection", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -4505,8 +4483,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1497.001", - "tactic": "defense-evasion", + "techniqueID": "T1505.002", + "tactic": "persistence", "score": 3, "color": "", "comment": "", @@ -4516,9 +4494,20 @@ "showSubtechniques": false }, { - "techniqueID": "T1497.001", - "tactic": "discovery", - "score": 3, + "techniqueID": "T1542.001", + "tactic": "persistence", + "score": 2, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1542.001", + "tactic": "defense-evasion", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -4527,8 +4516,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1222", - "tactic": "defense-evasion", + "techniqueID": "T1176.001", + "tactic": "persistence", "score": 2, "color": "", "comment": "", @@ -4538,9 +4527,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1056.001", - "tactic": "collection", - "score": 3, + "techniqueID": "T1649", + "tactic": "credential-access", + "score": 5, "color": "", "comment": "", "enabled": true, @@ -4549,9 +4538,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1056.001", + "techniqueID": "T1555.004", "tactic": "credential-access", - "score": 3, + "score": 4, "color": "", "comment": "", "enabled": true, @@ -4560,9 +4549,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1114.001", - "tactic": "collection", - "score": 1, + "techniqueID": "T1569", + "tactic": "execution", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -4571,8 +4560,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.012", - "tactic": "persistence", + "techniqueID": "T1120", + "tactic": "discovery", "score": 2, "color": "", "comment": "", @@ -4582,9 +4571,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.012", - "tactic": "privilege-escalation", - "score": 2, + "techniqueID": "T1542.003", + "tactic": "persistence", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -4593,9 +4582,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.012", + "techniqueID": "T1542.003", "tactic": "defense-evasion", - "score": 2, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -4604,8 +4593,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1589.002", - "tactic": "reconnaissance", + "techniqueID": "T1614.001", + "tactic": "discovery", "score": 1, "color": "", "comment": "", @@ -4615,9 +4604,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1137.002", - "tactic": "persistence", - "score": 2, + "techniqueID": "T1484.001", + "tactic": "defense-evasion", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -4626,9 +4615,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.009", + "techniqueID": "T1484.001", "tactic": "privilege-escalation", - "score": 2, + "score": 6, "color": "", "comment": "", "enabled": true, @@ -4637,9 +4626,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.009", - "tactic": "persistence", - "score": 2, + "techniqueID": "T1021.005", + "tactic": "lateral-movement", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -4648,9 +4637,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1125", + "techniqueID": "T1119", "tactic": "collection", - "score": 1, + "score": 5, "color": "", "comment": "", "enabled": true, @@ -4659,8 +4648,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.005", - "tactic": "persistence", + "techniqueID": "T1590.001", + "tactic": "reconnaissance", "score": 1, "color": "", "comment": "", @@ -4670,9 +4659,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.005", + "techniqueID": "T1546.015", "tactic": "privilege-escalation", - "score": 1, + "score": 9, "color": "", "comment": "", "enabled": true, @@ -4681,9 +4670,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.008", + "techniqueID": "T1546.015", "tactic": "persistence", - "score": 1, + "score": 9, "color": "", "comment": "", "enabled": true, @@ -4692,9 +4681,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.008", - "tactic": "privilege-escalation", - "score": 1, + "techniqueID": "T1134", + "tactic": "defense-evasion", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -4703,9 +4692,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.010", + "techniqueID": "T1134", "tactic": "privilege-escalation", - "score": 1, + "score": 2, "color": "", "comment": "", "enabled": true, @@ -4714,9 +4703,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.010", - "tactic": "persistence", - "score": 1, + "techniqueID": "T1134.003", + "tactic": "defense-evasion", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -4725,9 +4714,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1553.003", - "tactic": "defense-evasion", - "score": 2, + "techniqueID": "T1134.003", + "tactic": "privilege-escalation", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -4736,9 +4725,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.003", + "techniqueID": "T1574", "tactic": "persistence", - "score": 1, + "score": 8, "color": "", "comment": "", "enabled": true, @@ -4747,9 +4736,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.003", + "techniqueID": "T1574", "tactic": "privilege-escalation", - "score": 1, + "score": 8, "color": "", "comment": "", "enabled": true, @@ -4758,9 +4747,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1559.002", - "tactic": "execution", - "score": 1, + "techniqueID": "T1574", + "tactic": "defense-evasion", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -4769,8 +4758,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.012", - "tactic": "privilege-escalation", + "techniqueID": "T1039", + "tactic": "collection", "score": 2, "color": "", "comment": "", @@ -4780,9 +4769,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.012", - "tactic": "persistence", - "score": 2, + "techniqueID": "T1570", + "tactic": "lateral-movement", + "score": 5, "color": "", "comment": "", "enabled": true, @@ -4791,9 +4780,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1200", - "tactic": "initial-access", - "score": 3, + "techniqueID": "T1216.001", + "tactic": "defense-evasion", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -4802,9 +4791,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1550.002", + "techniqueID": "T1036.004", "tactic": "defense-evasion", - "score": 6, + "score": 3, "color": "", "comment": "", "enabled": true, @@ -4813,9 +4802,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1550.002", - "tactic": "lateral-movement", - "score": 6, + "techniqueID": "T1110.001", + "tactic": "credential-access", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -4824,9 +4813,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1557.003", - "tactic": "credential-access", - "score": 1, + "techniqueID": "T1036.002", + "tactic": "defense-evasion", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -4835,8 +4824,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1557.003", - "tactic": "collection", + "techniqueID": "T1110.002", + "tactic": "credential-access", "score": 1, "color": "", "comment": "", @@ -4846,9 +4835,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1207", + "techniqueID": "T1222.001", "tactic": "defense-evasion", - "score": 2, + "score": 5, "color": "", "comment": "", "enabled": true, @@ -4857,9 +4846,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1091", - "tactic": "lateral-movement", - "score": 1, + "techniqueID": "T1217", + "tactic": "discovery", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -4868,8 +4857,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1091", - "tactic": "initial-access", + "techniqueID": "T1622", + "tactic": "defense-evasion", "score": 1, "color": "", "comment": "", @@ -4879,7 +4868,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1010", + "techniqueID": "T1622", "tactic": "discovery", "score": 1, "color": "", @@ -4890,9 +4879,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1027.001", + "techniqueID": "T1134.004", "tactic": "defense-evasion", - "score": 3, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -4901,8 +4890,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1553.002", - "tactic": "defense-evasion", + "techniqueID": "T1134.004", + "tactic": "privilege-escalation", "score": 1, "color": "", "comment": "", @@ -4912,9 +4901,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1134.005", - "tactic": "defense-evasion", - "score": 1, + "techniqueID": "T1059.006", + "tactic": "execution", + "score": 8, "color": "", "comment": "", "enabled": true, @@ -4923,9 +4912,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1134.005", - "tactic": "privilege-escalation", - "score": 1, + "techniqueID": "T1036.007", + "tactic": "defense-evasion", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -4934,9 +4923,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1590.002", - "tactic": "reconnaissance", - "score": 1, + "techniqueID": "T1620", + "tactic": "defense-evasion", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -4945,9 +4934,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1588", - "tactic": "resource-development", - "score": 2, + "techniqueID": "T1069", + "tactic": "discovery", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -4956,7 +4945,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.001", + "techniqueID": "T1070.005", "tactic": "defense-evasion", "score": 4, "color": "", @@ -4967,9 +4956,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.001", + "techniqueID": "T1037.001", "tactic": "persistence", - "score": 4, + "score": 3, "color": "", "comment": "", "enabled": true, @@ -4978,9 +4967,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.001", + "techniqueID": "T1037.001", "tactic": "privilege-escalation", - "score": 4, + "score": 3, "color": "", "comment": "", "enabled": true, @@ -4989,9 +4978,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.001", - "tactic": "initial-access", - "score": 4, + "techniqueID": "T1135", + "tactic": "discovery", + "score": 7, "color": "", "comment": "", "enabled": true, @@ -5000,9 +4989,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.003", - "tactic": "defense-evasion", - "score": 5, + "techniqueID": "T1185", + "tactic": "collection", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -5011,7 +5000,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.003", + "techniqueID": "T1505.004", "tactic": "persistence", "score": 5, "color": "", @@ -5022,9 +5011,31 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.003", + "techniqueID": "T1003.006", + "tactic": "credential-access", + "score": 7, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1006", + "tactic": "defense-evasion", + "score": 1, + "color": "", + "comment": "", + "enabled": true, + "metadata": [], + "links": [], + "showSubtechniques": false + }, + { + "techniqueID": "T1546.013", "tactic": "privilege-escalation", - "score": 5, + "score": 3, "color": "", "comment": "", "enabled": true, @@ -5033,9 +5044,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1078.003", - "tactic": "initial-access", - "score": 5, + "techniqueID": "T1546.013", + "tactic": "persistence", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -5044,9 +5055,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1499.001", - "tactic": "impact", - "score": 1, + "techniqueID": "T1137", + "tactic": "persistence", + "score": 9, "color": "", "comment": "", "enabled": true, @@ -5055,9 +5066,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1505.001", - "tactic": "persistence", - "score": 2, + "techniqueID": "T1008", + "tactic": "command-and-control", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -5066,9 +5077,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1213", - "tactic": "collection", - "score": 7, + "techniqueID": "T1137.006", + "tactic": "persistence", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -5077,8 +5088,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1498", - "tactic": "impact", + "techniqueID": "T1136.002", + "tactic": "persistence", "score": 3, "color": "", "comment": "", @@ -5088,9 +5099,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1611", - "tactic": "privilege-escalation", - "score": 2, + "techniqueID": "T1547.009", + "tactic": "persistence", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -5099,9 +5110,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1609", - "tactic": "execution", - "score": 2, + "techniqueID": "T1547.009", + "tactic": "privilege-escalation", + "score": 4, "color": "", "comment": "", "enabled": true, @@ -5110,8 +5121,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1069.003", - "tactic": "discovery", + "techniqueID": "T1137.003", + "tactic": "persistence", "score": 1, "color": "", "comment": "", @@ -5121,9 +5132,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1213.003", - "tactic": "collection", - "score": 5, + "techniqueID": "T1195", + "tactic": "initial-access", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -5132,9 +5143,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1591.004", - "tactic": "reconnaissance", - "score": 2, + "techniqueID": "T1547.015", + "tactic": "persistence", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -5143,9 +5154,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1586", - "tactic": "resource-development", - "score": 2, + "techniqueID": "T1547.015", + "tactic": "privilege-escalation", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -5154,9 +5165,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1586.003", - "tactic": "resource-development", - "score": 1, + "techniqueID": "T1001.003", + "tactic": "command-and-control", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -5165,9 +5176,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1059.012", - "tactic": "execution", - "score": 9, + "techniqueID": "T1114.001", + "tactic": "collection", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -5176,9 +5187,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1014", + "techniqueID": "T1222", "tactic": "defense-evasion", - "score": 1, + "score": 2, "color": "", "comment": "", "enabled": true, @@ -5187,8 +5198,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1592.004", - "tactic": "reconnaissance", + "techniqueID": "T1553.005", + "tactic": "defense-evasion", "score": 3, "color": "", "comment": "", @@ -5198,8 +5209,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1562.012", - "tactic": "defense-evasion", + "techniqueID": "T1589.002", + "tactic": "reconnaissance", "score": 1, "color": "", "comment": "", @@ -5209,8 +5220,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1548.001", - "tactic": "privilege-escalation", + "techniqueID": "T1574.012", + "tactic": "persistence", "score": 2, "color": "", "comment": "", @@ -5220,8 +5231,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1548.001", - "tactic": "defense-evasion", + "techniqueID": "T1574.012", + "tactic": "privilege-escalation", "score": 2, "color": "", "comment": "", @@ -5231,9 +5242,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1222.002", + "techniqueID": "T1574.012", "tactic": "defense-evasion", - "score": 4, + "score": 2, "color": "", "comment": "", "enabled": true, @@ -5242,8 +5253,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1653", - "tactic": "persistence", + "techniqueID": "T1546.010", + "tactic": "privilege-escalation", "score": 1, "color": "", "comment": "", @@ -5253,9 +5264,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1070.002", - "tactic": "defense-evasion", - "score": 4, + "techniqueID": "T1546.010", + "tactic": "persistence", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -5264,8 +5275,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1562.003", - "tactic": "defense-evasion", + "techniqueID": "T1125", + "tactic": "collection", "score": 1, "color": "", "comment": "", @@ -5275,8 +5286,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1055.009", - "tactic": "defense-evasion", + "techniqueID": "T1546.009", + "tactic": "privilege-escalation", "score": 2, "color": "", "comment": "", @@ -5286,8 +5297,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1055.009", - "tactic": "privilege-escalation", + "techniqueID": "T1546.009", + "tactic": "persistence", "score": 2, "color": "", "comment": "", @@ -5297,9 +5308,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.006", + "techniqueID": "T1547.008", "tactic": "persistence", - "score": 2, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -5308,9 +5319,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.006", + "techniqueID": "T1547.008", "tactic": "privilege-escalation", - "score": 2, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -5319,9 +5330,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1574.006", - "tactic": "defense-evasion", - "score": 2, + "techniqueID": "T1547.005", + "tactic": "persistence", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -5330,7 +5341,7 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.004", + "techniqueID": "T1547.005", "tactic": "privilege-escalation", "score": 1, "color": "", @@ -5341,9 +5352,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.004", - "tactic": "persistence", - "score": 1, + "techniqueID": "T1553.003", + "tactic": "defense-evasion", + "score": 2, "color": "", "comment": "", "enabled": true, @@ -5352,9 +5363,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1543.002", + "techniqueID": "T1547.003", "tactic": "persistence", - "score": 2, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -5363,9 +5374,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1543.002", + "techniqueID": "T1547.003", "tactic": "privilege-escalation", - "score": 2, + "score": 1, "color": "", "comment": "", "enabled": true, @@ -5374,8 +5385,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1499", - "tactic": "impact", + "techniqueID": "T1546.012", + "tactic": "privilege-escalation", "score": 2, "color": "", "comment": "", @@ -5385,8 +5396,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1030", - "tactic": "exfiltration", + "techniqueID": "T1546.012", + "tactic": "persistence", "score": 2, "color": "", "comment": "", @@ -5396,8 +5407,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.006", - "tactic": "persistence", + "techniqueID": "T1559.002", + "tactic": "execution", "score": 1, "color": "", "comment": "", @@ -5407,9 +5418,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1547.006", - "tactic": "privilege-escalation", - "score": 1, + "techniqueID": "T1550.002", + "tactic": "defense-evasion", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -5418,9 +5429,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1588.001", - "tactic": "resource-development", - "score": 1, + "techniqueID": "T1550.002", + "tactic": "lateral-movement", + "score": 6, "color": "", "comment": "", "enabled": true, @@ -5429,9 +5440,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1543.001", - "tactic": "persistence", - "score": 2, + "techniqueID": "T1553.002", + "tactic": "defense-evasion", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -5440,8 +5451,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1543.001", - "tactic": "privilege-escalation", + "techniqueID": "T1207", + "tactic": "defense-evasion", "score": 2, "color": "", "comment": "", @@ -5451,20 +5462,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1543.004", - "tactic": "persistence", - "score": 3, - "color": "", - "comment": "", - "enabled": true, - "metadata": [], - "links": [], - "showSubtechniques": false - }, - { - "techniqueID": "T1543.004", - "tactic": "privilege-escalation", - "score": 3, + "techniqueID": "T1010", + "tactic": "discovery", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -5473,9 +5473,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1059.002", - "tactic": "execution", - "score": 8, + "techniqueID": "T1134.005", + "tactic": "defense-evasion", + "score": 1, "color": "", "comment": "", "enabled": true, @@ -5484,8 +5484,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1036.006", - "tactic": "defense-evasion", + "techniqueID": "T1134.005", + "tactic": "privilege-escalation", "score": 1, "color": "", "comment": "", @@ -5495,9 +5495,9 @@ "showSubtechniques": false }, { - "techniqueID": "T1555.001", - "tactic": "credential-access", - "score": 1, + "techniqueID": "T1200", + "tactic": "initial-access", + "score": 3, "color": "", "comment": "", "enabled": true, @@ -5506,8 +5506,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1569.001", - "tactic": "execution", + "techniqueID": "T1557.003", + "tactic": "credential-access", "score": 1, "color": "", "comment": "", @@ -5517,8 +5517,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1553.001", - "tactic": "defense-evasion", + "techniqueID": "T1557.003", + "tactic": "collection", "score": 1, "color": "", "comment": "", @@ -5528,8 +5528,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.014", - "tactic": "privilege-escalation", + "techniqueID": "T1091", + "tactic": "lateral-movement", "score": 1, "color": "", "comment": "", @@ -5539,8 +5539,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1546.014", - "tactic": "persistence", + "techniqueID": "T1091", + "tactic": "initial-access", "score": 1, "color": "", "comment": "", @@ -5550,8 +5550,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1037.005", - "tactic": "persistence", + "techniqueID": "T1590.002", + "tactic": "reconnaissance", "score": 1, "color": "", "comment": "", @@ -5561,8 +5561,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1037.005", - "tactic": "privilege-escalation", + "techniqueID": "T1499.001", + "tactic": "impact", "score": 1, "color": "", "comment": "", @@ -5572,8 +5572,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1559", - "tactic": "execution", + "techniqueID": "T1176", + "tactic": "persistence", "score": 1, "color": "", "comment": "", @@ -5583,8 +5583,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1176", - "tactic": "persistence", + "techniqueID": "T1595.001", + "tactic": "reconnaissance", "score": 1, "color": "", "comment": "", @@ -5616,8 +5616,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1595.001", - "tactic": "reconnaissance", + "techniqueID": "T1559", + "tactic": "execution", "score": 1, "color": "", "comment": "", @@ -5627,8 +5627,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1598.002", - "tactic": "reconnaissance", + "techniqueID": "T1090.004", + "tactic": "command-and-control", "score": 1, "color": "", "comment": "", @@ -5638,8 +5638,8 @@ "showSubtechniques": false }, { - "techniqueID": "T1090.004", - "tactic": "command-and-control", + "techniqueID": "T1598.002", + "tactic": "reconnaissance", "score": 1, "color": "", "comment": "",