ATT&CK Changes Between v12.0 and v12.1

Key

New objects: ATT&CK objects which are only present in the new release.
Major version changes: ATT&CK objects that have a major version change. (e.g. 1.0 → 2.0)
Minor version changes: ATT&CK objects that have a minor version change. (e.g. 1.0 → 1.1)
Other version changes: ATT&CK objects that have a version change of any other kind. (e.g. 1.0 → 1.2)
Patches: ATT&CK objects that have been patched while keeping the version the same. (e.g., 1.0 → 1.0 but something like a typo, a URL, or some metadata was fixed)
Object revocations: ATT&CK objects which are revoked by a different object.
Object deprecations: ATT&CK objects which are deprecated and no longer in use, and not replaced.
Object deletions: ATT&CK objects which are no longer found in the STIX data.

Additional formats

These ATT&CK Navigator layer files can be uploaded to ATT&CK Navigator manually.

This JSON file contains the machine readble output used to create this page: changelog.json

Techniques

enterprise-attack

Minor Version Changes

[T1585.003] Establish Accounts: Cloud Accounts

Current version: 1.1

Version changed from: 1.0 → 1.1

	Old Description			New Description
t	1	Adversaries may create accounts with cloud providers that ca	t	1	Adversaries may create accounts with cloud providers that ca
	>	n be used during targeting. Adversaries can use cloud accoun		>	n be used during targeting. Adversaries can use cloud accoun
	>	ts to further their operations, including leveraging cloud s		>	ts to further their operations, including leveraging cloud s
	>	torage services such as Dropbox, Microsoft OneDrive, or AWS		>	torage services such as Dropbox, MEGA, Microsoft OneDrive, o
	>	S3 buckets for [Exfiltration to Cloud Storage](https://attac		>	r AWS S3 buckets for [Exfiltration to Cloud Storage](https:/
	>	k.mitre.org/techniques/T1567/002) or to [Upload Tool](https:		>	/attack.mitre.org/techniques/T1567/002) or to [Upload Tool](
	>	//attack.mitre.org/techniques/T1608/002)s. Cloud accounts ca		>	https://attack.mitre.org/techniques/T1608/002)s. Cloud accou
	>	n also be used in the acquisition of infrastructure, such as		>	nts can also be used in the acquisition of infrastructure, s
	>	[Virtual Private Server](https://attack.mitre.org/technique		>	uch as [Virtual Private Server](https://attack.mitre.org/tec
	>	s/T1583/003)s or [Serverless](https://attack.mitre.org/techn		>	hniques/T1583/003)s or [Serverless](https://attack.mitre.org
	>	iques/T1583/007) infrastructure. Establishing cloud accounts		>	/techniques/T1583/007) infrastructure. Establishing cloud ac
	>	may allow adversaries to develop sophisticated capabilities		>	counts may allow adversaries to develop sophisticated capabi
	>	without managing their own servers.(Citation: Awake Securit		>	lities without managing their own servers.(Citation: Awake S
	>	y C2 Cloud) Creating [Cloud Accounts](https://attack.mitre.		>	ecurity C2 Cloud) Creating [Cloud Accounts](https://attack.
	>	org/techniques/T1585/003) may also require adversaries to es		>	mitre.org/techniques/T1585/003) may also require adversaries
	>	tablish [Email Accounts](https://attack.mitre.org/techniques		>	to establish [Email Accounts](https://attack.mitre.org/tech
	>	/T1585/002) to register with the cloud provider.		>	niques/T1585/002) to register with the cloud provider.

Details

values_changed
STIX Field	Old value	New Value
modified	2022-10-21 14:20:59.175000+00:00	2022-10-25 15:49:14.785000+00:00
description	Adversaries may create accounts with cloud providers that can be used during targeting. Adversaries can use cloud accounts to further their operations, including leveraging cloud storage services such as Dropbox, Microsoft OneDrive, or AWS S3 buckets for [Exfiltration to Cloud Storage](https://attack.mitre.org/techniques/T1567/002) or to [Upload Tool](https://attack.mitre.org/techniques/T1608/002)s. Cloud accounts can also be used in the acquisition of infrastructure, such as [Virtual Private Server](https://attack.mitre.org/techniques/T1583/003)s or [Serverless](https://attack.mitre.org/techniques/T1583/007) infrastructure. Establishing cloud accounts may allow adversaries to develop sophisticated capabilities without managing their own servers.(Citation: Awake Security C2 Cloud) Creating [Cloud Accounts](https://attack.mitre.org/techniques/T1585/003) may also require adversaries to establish [Email Accounts](https://attack.mitre.org/techniques/T1585/002) to register with the cloud provider.	Adversaries may create accounts with cloud providers that can be used during targeting. Adversaries can use cloud accounts to further their operations, including leveraging cloud storage services such as Dropbox, MEGA, Microsoft OneDrive, or AWS S3 buckets for [Exfiltration to Cloud Storage](https://attack.mitre.org/techniques/T1567/002) or to [Upload Tool](https://attack.mitre.org/techniques/T1608/002)s. Cloud accounts can also be used in the acquisition of infrastructure, such as [Virtual Private Server](https://attack.mitre.org/techniques/T1583/003)s or [Serverless](https://attack.mitre.org/techniques/T1583/007) infrastructure. Establishing cloud accounts may allow adversaries to develop sophisticated capabilities without managing their own servers.(Citation: Awake Security C2 Cloud) Creating [Cloud Accounts](https://attack.mitre.org/techniques/T1585/003) may also require adversaries to establish [Email Accounts](https://attack.mitre.org/techniques/T1585/002) to register with the cloud provider.
x_mitre_attack_spec_version	2.1.0	3.0.0
x_mitre_version	1.0	1.1

[T1557.001] Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay

Current version: 1.4

Version changed from: 1.3 → 1.4

	Old Description			New Description
t	1	By responding to LLMNR/NBT-NS network traffic, adversaries m	t	1	By responding to LLMNR/NBT-NS network traffic, adversaries m
	>	ay spoof an authoritative source for name resolution to forc		>	ay spoof an authoritative source for name resolution to forc
	>	e communication with an adversary controlled system. This ac		>	e communication with an adversary controlled system. This ac
	>	tivity may be used to collect or relay authentication materi		>	tivity may be used to collect or relay authentication materi
	>	als. Link-Local Multicast Name Resolution (LLMNR) and NetB		>	als. Link-Local Multicast Name Resolution (LLMNR) and NetB
	>	IOS Name Service (NBT-NS) are Microsoft Windows components t		>	IOS Name Service (NBT-NS) are Microsoft Windows components t
	>	hat serve as alternate methods of host identification. LLMNR		>	hat serve as alternate methods of host identification. LLMNR
	>	is based upon the Domain Name System (DNS) format and allow		>	is based upon the Domain Name System (DNS) format and allow
	>	s hosts on the same local link to perform name resolution fo		>	s hosts on the same local link to perform name resolution fo
	>	r other hosts. NBT-NS identifies systems on a local network		>	r other hosts. NBT-NS identifies systems on a local network
	>	by their NetBIOS name. (Citation: Wikipedia LLMNR)(Citation:		>	by their NetBIOS name. (Citation: Wikipedia LLMNR)(Citation:
	>	TechNet NetBIOS) Adversaries can spoof an authoritative so		>	TechNet NetBIOS) Adversaries can spoof an authoritative so
	>	urce for name resolution on a victim network by responding t		>	urce for name resolution on a victim network by responding t
	>	o LLMNR (UDP 5355)/NBT-NS (UDP 137) traffic as if they know		>	o LLMNR (UDP 5355)/NBT-NS (UDP 137) traffic as if they know
	>	the identity of the requested host, effectively poisoning th		>	the identity of the requested host, effectively poisoning th
	>	e service so that the victims will communicate with the adve		>	e service so that the victims will communicate with the adve
	>	rsary controlled system. If the requested host belongs to a		>	rsary controlled system. If the requested host belongs to a
	>	resource that requires identification/authentication, the us		>	resource that requires identification/authentication, the us
	>	ername and NTLMv2 hash will then be sent to the adversary co		>	ername and NTLMv2 hash will then be sent to the adversary co
	>	ntrolled system. The adversary can then collect the hash inf		>	ntrolled system. The adversary can then collect the hash inf
	>	ormation sent over the wire through tools that monitor the p		>	ormation sent over the wire through tools that monitor the p
	>	orts for traffic or through [Network Sniffing](https://attac		>	orts for traffic or through [Network Sniffing](https://attac
	>	k.mitre.org/techniques/T1040) and crack the hashes offline t		>	k.mitre.org/techniques/T1040) and crack the hashes offline t
	>	hrough [Brute Force](https://attack.mitre.org/techniques/T11		>	hrough [Brute Force](https://attack.mitre.org/techniques/T11
	>	10) to obtain the plaintext passwords. In some cases where		>	10) to obtain the plaintext passwords. In some cases where
	>	an adversary has access to a system that is in the authentic		>	an adversary has access to a system that is in the authentic
	>	ation path between systems or when automated scans that use		>	ation path between systems or when automated scans that use
	>	credentials attempt to authenticate to an adversary controll		>	credentials attempt to authenticate to an adversary controll
	>	ed system, the NTLMv2 hashes can be intercepted and relayed		>	ed system, the NTLMv1/v2 hashes can be intercepted and relay
	>	to access and execute code against a target system. The rela		>	ed to access and execute code against a target system. The r
	>	y step can happen in conjunction with poisoning but may also		>	elay step can happen in conjunction with poisoning but may a
	>	be independent of it.(Citation: byt3bl33d3r NTLM Relaying)(		>	lso be independent of it.(Citation: byt3bl33d3r NTLM Relayin
	>	Citation: Secure Ideas SMB Relay) Additionally, adversaries		>	g)(Citation: Secure Ideas SMB Relay) Additionally, adversari
	>	may encapsulate the NTLMv1/v2 hashes into various protocols,		>	es may encapsulate the NTLMv1/v2 hashes into various protoco
	>	such as LDAP, SMB, MSSQL and HTTP, to expand and use multip		>	ls, such as LDAP, SMB, MSSQL and HTTP, to expand and use mul
	>	le services with the valid NTLM response. Several tools ma		>	tiple services with the valid NTLM response. Several tools
	>	y be used to poison name services within local networks such		>	may be used to poison name services within local networks s
	>	as NBNSpoof, Metasploit, and [Responder](https://attack.mit		>	uch as NBNSpoof, Metasploit, and [Responder](https://attack.
	>	re.org/software/S0174).(Citation: GitHub NBNSpoof)(Citation:		>	mitre.org/software/S0174).(Citation: GitHub NBNSpoof)(Citati
	>	Rapid7 LLMNR Spoofer)(Citation: GitHub Responder)		>	on: Rapid7 LLMNR Spoofer)(Citation: GitHub Responder)

Details

values_changed
STIX Field	Old value	New Value
modified	2022-10-18 20:13:48.423000+00:00	2022-10-25 15:46:55.393000+00:00
description	By responding to LLMNR/NBT-NS network traffic, adversaries may spoof an authoritative source for name resolution to force communication with an adversary controlled system. This activity may be used to collect or relay authentication materials. Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) are Microsoft Windows components that serve as alternate methods of host identification. LLMNR is based upon the Domain Name System (DNS) format and allows hosts on the same local link to perform name resolution for other hosts. NBT-NS identifies systems on a local network by their NetBIOS name. (Citation: Wikipedia LLMNR)(Citation: TechNet NetBIOS) Adversaries can spoof an authoritative source for name resolution on a victim network by responding to LLMNR (UDP 5355)/NBT-NS (UDP 137) traffic as if they know the identity of the requested host, effectively poisoning the service so that the victims will communicate with the adversary controlled system. If the requested host belongs to a resource that requires identification/authentication, the username and NTLMv2 hash will then be sent to the adversary controlled system. The adversary can then collect the hash information sent over the wire through tools that monitor the ports for traffic or through [Network Sniffing](https://attack.mitre.org/techniques/T1040) and crack the hashes offline through [Brute Force](https://attack.mitre.org/techniques/T1110) to obtain the plaintext passwords. In some cases where an adversary has access to a system that is in the authentication path between systems or when automated scans that use credentials attempt to authenticate to an adversary controlled system, the NTLMv2 hashes can be intercepted and relayed to access and execute code against a target system. The relay step can happen in conjunction with poisoning but may also be independent of it.(Citation: byt3bl33d3r NTLM Relaying)(Citation: Secure Ideas SMB Relay) Additionally, adversaries may encapsulate the NTLMv1/v2 hashes into various protocols, such as LDAP, SMB, MSSQL and HTTP, to expand and use multiple services with the valid NTLM response. Several tools may be used to poison name services within local networks such as NBNSpoof, Metasploit, and [Responder](https://attack.mitre.org/software/S0174).(Citation: GitHub NBNSpoof)(Citation: Rapid7 LLMNR Spoofer)(Citation: GitHub Responder)	By responding to LLMNR/NBT-NS network traffic, adversaries may spoof an authoritative source for name resolution to force communication with an adversary controlled system. This activity may be used to collect or relay authentication materials. Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) are Microsoft Windows components that serve as alternate methods of host identification. LLMNR is based upon the Domain Name System (DNS) format and allows hosts on the same local link to perform name resolution for other hosts. NBT-NS identifies systems on a local network by their NetBIOS name. (Citation: Wikipedia LLMNR)(Citation: TechNet NetBIOS) Adversaries can spoof an authoritative source for name resolution on a victim network by responding to LLMNR (UDP 5355)/NBT-NS (UDP 137) traffic as if they know the identity of the requested host, effectively poisoning the service so that the victims will communicate with the adversary controlled system. If the requested host belongs to a resource that requires identification/authentication, the username and NTLMv2 hash will then be sent to the adversary controlled system. The adversary can then collect the hash information sent over the wire through tools that monitor the ports for traffic or through [Network Sniffing](https://attack.mitre.org/techniques/T1040) and crack the hashes offline through [Brute Force](https://attack.mitre.org/techniques/T1110) to obtain the plaintext passwords. In some cases where an adversary has access to a system that is in the authentication path between systems or when automated scans that use credentials attempt to authenticate to an adversary controlled system, the NTLMv1/v2 hashes can be intercepted and relayed to access and execute code against a target system. The relay step can happen in conjunction with poisoning but may also be independent of it.(Citation: byt3bl33d3r NTLM Relaying)(Citation: Secure Ideas SMB Relay) Additionally, adversaries may encapsulate the NTLMv1/v2 hashes into various protocols, such as LDAP, SMB, MSSQL and HTTP, to expand and use multiple services with the valid NTLM response. Several tools may be used to poison name services within local networks such as NBNSpoof, Metasploit, and [Responder](https://attack.mitre.org/software/S0174).(Citation: GitHub NBNSpoof)(Citation: Rapid7 LLMNR Spoofer)(Citation: GitHub Responder)
x_mitre_attack_spec_version	2.1.0	3.0.0
x_mitre_data_sources[0]	Service: Service Creation	Network Traffic: Network Traffic Content
x_mitre_data_sources[3]	Network Traffic: Network Traffic Content	Service: Service Creation
x_mitre_version	1.3	1.4

Patches

[T1593.003] Search Open Websites/Domains: Code Repositories

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2022-10-21 13:57:35.259000+00:00	2022-10-26 18:01:20.520000+00:00
x_mitre_attack_spec_version	2.1.0	3.0.0
x_mitre_contributors[0]	Vinayak Wadhwa, Lucideus	Matt Burrough, @mattburrough, Microsoft
x_mitre_contributors[1]	Matt Burrough, @mattburrough, Microsoft	Vinayak Wadhwa, SAFE Security

[T1111] Multi-Factor Authentication Interception

Current version: 2.0

Details

dictionary_item_added
STIX Field	Old value	New Value
x_mitre_attack_spec_version		3.0.0
x_mitre_deprecated		False

dictionary_item_removed
STIX Field	Old value	New Value
x_mitre_permissions_required	['Administrator', 'SYSTEM']

values_changed
STIX Field	Old value	New Value
modified	2022-04-01 18:02:50.531000+00:00	2022-10-31 19:47:26.104000+00:00
external_references[1]['source_name']	Mandiant M Trends 2011	GCN RSA June 2011
external_references[1]['description']	Mandiant. (2011, January 27). Mandiant M-Trends 2011. Retrieved January 10, 2016.	Jackson, William. (2011, June 7). RSA confirms its tokens used in Lockheed hack. Retrieved September 24, 2018.
external_references[1]['url']	https://dl.mandiant.com/EE/assets/PDF_MTrends_2011.pdf	https://gcn.com/cybersecurity/2011/06/rsa-confirms-its-tokens-used-in-lockheed-hack/282818/
external_references[2]['source_name']	GCN RSA June 2011	Mandiant M Trends 2011
external_references[2]['description']	Jackson, William. (2011, June 7). RSA confirms its tokens used in Lockheed hack. Retrieved September 24, 2018.	Mandiant. (2011, January 27). Mandiant M-Trends 2011. Retrieved January 10, 2016.
external_references[2]['url']	https://gcn.com/articles/2011/06/07/rsa-confirms-tokens-used-to-hack-lockheed.aspx	https://dl.mandiant.com/EE/assets/PDF_MTrends_2011.pdf
x_mitre_data_sources[0]	Windows Registry: Windows Registry Key Modification	Process: OS API Execution
x_mitre_data_sources[2]	Process: OS API Execution	Windows Registry: Windows Registry Key Modification

[T1608.006] Stage Capabilities: SEO Poisoning

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2022-10-21 17:53:05.462000+00:00	2022-10-27 14:16:24.490000+00:00
x_mitre_attack_spec_version	2.1.0	3.0.0

iterable_item_added
STIX Field	Old value	New Value
x_mitre_contributors		Will Jolliffe

Software

enterprise-attack

Patches

[S1033] DCSrv

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2022-10-18 13:08:43.567000+00:00	2022-10-24 18:55:25.261000+00:00
x_mitre_attack_spec_version	2.1.0	3.0.0
x_mitre_contributors[1]	Manikantan Srinivasan , NEC Corporation India	Pooja Natarajan, NEC Corporation India
x_mitre_contributors[2]	Pooja Natarajan, NEC Corporation India	Manikantan Srinivasan, NEC Corporation India

[S1027] Heyoka Backdoor

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2022-10-19 21:54:52.549000+00:00	2022-10-24 18:54:09.655000+00:00
x_mitre_attack_spec_version	2.1.0	3.0.0
x_mitre_contributors[1]	Manikantan Srinivasan , NEC Corporation India	Pooja Natarajan, NEC Corporation India
x_mitre_contributors[2]	Pooja Natarajan, NEC Corporation India	Manikantan Srinivasan, NEC Corporation India

[S1016] MacMa

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2022-10-20 19:00:58.329000+00:00	2022-10-24 18:52:29.002000+00:00
x_mitre_attack_spec_version	2.1.0	3.0.0
x_mitre_contributors[2]	Manikantan Srinivasan , NEC Corporation India	Manikantan Srinivasan, NEC Corporation India

[S1026] Mongall

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2022-10-21 18:41:08.032000+00:00	2022-10-24 18:53:41.304000+00:00
x_mitre_attack_spec_version	2.1.0	3.0.0
x_mitre_contributors[1]	Manikantan Srinivasan , NEC Corporation India	Pooja Natarajan, NEC Corporation India
x_mitre_contributors[2]	Pooja Natarajan, NEC Corporation India	Manikantan Srinivasan, NEC Corporation India

[S1031] PingPull

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2022-10-21 20:13:44.744000+00:00	2022-10-24 18:51:58.072000+00:00
x_mitre_attack_spec_version	2.1.0	3.0.0
x_mitre_contributors[2]	Manikanran Srinivasan, NEC Corporation India	Manikantan Srinivasan, NEC Corporation India

[S0029] PsExec

Current version: 1.3

	Old Description			New Description
t	1	[PsExec](https://attack.mitre.org/software/S0029) is a free	t	1	[PsExec](https://attack.mitre.org/software/S0029) is a free
	>	Microsoft tool that can be used to execute a program on anot		>	Microsoft tool that can be used to execute a program on anot
	>	her computer. It is used by IT administrators and attackers.		>	her computer. It is used by IT administrators and attackers.
	>	(Citation: Russinovich Sysinternals) (Citation: SANS PsExec		>	(Citation: Russinovich Sysinternals)(Citation: SANS PsExec)
	>	)

Details

values_changed
STIX Field	Old value	New Value
modified	2022-09-28 14:47:20.421000+00:00	2022-11-01 18:29:13.666000+00:00
description	[PsExec](https://attack.mitre.org/software/S0029) is a free Microsoft tool that can be used to execute a program on another computer. It is used by IT administrators and attackers. (Citation: Russinovich Sysinternals) (Citation: SANS PsExec)	[PsExec](https://attack.mitre.org/software/S0029) is a free Microsoft tool that can be used to execute a program on another computer. It is used by IT administrators and attackers.(Citation: Russinovich Sysinternals)(Citation: SANS PsExec)
external_references[1]['description']	Pilkington, M.. (2012, December 17). Protecting Privileged Domain Accounts: PsExec Deep-Dive. Retrieved August 17, 2016.	Pilkington, M. (2012, December 17). Protecting Privileged Domain Accounts: PsExec Deep-Dive. Retrieved August 17, 2016.
external_references[1]['url']	https://digital-forensics.sans.org/blog/2012/12/17/protecting-privileged-domain-accounts-psexec-deep-dive	https://www.sans.org/blog/protecting-privileged-domain-accounts-psexec-deep-dive/
x_mitre_attack_spec_version	2.1.0	3.0.0

[S1032] PyDCrypt

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2022-10-18 13:10:21.905000+00:00	2022-10-24 18:54:58.048000+00:00
x_mitre_attack_spec_version	2.1.0	3.0.0
x_mitre_contributors[2]	Manikantan Srinivasan , NEC Corporation India	Manikantan Srinivasan, NEC Corporation India

[S0689] WhisperGate

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2022-04-10 16:43:00.619000+00:00	2022-10-24 18:47:53.298000+00:00
x_mitre_attack_spec_version	2.1.0	3.0.0
x_mitre_contributors[0]	Phil Taylor, BT Security	Phill Taylor, BT Security

Groups

enterprise-attack

Patches

[G1007] Aoqin Dragon

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2022-10-21 18:42:52.256000+00:00	2022-10-24 18:50:40.179000+00:00
x_mitre_attack_spec_version	2.1.0	3.0.0
x_mitre_contributors[1]	Manikantan Srinivasan , NEC Corporation India	Pooja Natarajan, NEC Corporation India
x_mitre_contributors[2]	Pooja Natarajan, NEC Corporation India	Manikantan Srinivasan, NEC Corporation India

[G1011] EXOTIC LILY

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2022-10-13 17:54:09.402000+00:00	2022-10-24 18:48:18.917000+00:00
x_mitre_attack_spec_version	2.1.0	3.0.0
x_mitre_contributors[0]	Phil Taylor, BT Security	Phill Taylor, BT Security

[G1009] Moses Staff

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2022-10-18 13:09:11.486000+00:00	2022-10-24 18:50:12.653000+00:00
x_mitre_attack_spec_version	2.1.0	3.0.0
x_mitre_contributors[1]	Manikantan Srinivasan , NEC Corporation India	Pooja Natarajan, NEC Corporation India
x_mitre_contributors[2]	Pooja Natarajan, NEC Corporation India	Manikantan Srinivasan, NEC Corporation India

[G1008] SideCopy

Current version: 1.0

Details

values_changed
STIX Field	Old value	New Value
modified	2022-10-20 18:29:03.956000+00:00	2022-10-24 18:51:09.213000+00:00
x_mitre_attack_spec_version	2.1.0	3.0.0
x_mitre_contributors[2]	Manikantan Srinivasan , NEC Corporation India	Manikantan Srinivasan, NEC Corporation India

Data Components

enterprise-attack

Deprecations

Container: Container Metadata

Current version: 1.0

Description: Contextual data about a container and activity around it such as name, ID, image, or status

Details

dictionary_item_added
STIX Field	Old value	New Value
x_mitre_deprecated		True

values_changed
STIX Field	Old value	New Value
modified	2021-10-20T15:05:19.274Z	2022-11-07T19:45:00.000Z

Pod: Pod Metadata

Current version: 1.0

Description: Contextual data about a pod and activity around it such as name, ID, namespace, or status

Details

dictionary_item_added
STIX Field	Old value	New Value
x_mitre_deprecated		True

values_changed
STIX Field	Old value	New Value
modified	2021-10-20T15:05:19.272Z	2022-11-07T19:45:00.000Z