|Version|Start Date|End Date|Data|
|---|---|---|---|
|ATT&CK v2|April 13, 2018|October 22, 2018|v2.0 on MITRE/CTI|
Initial Access was added to ATT&CK and some techniques were added to Execution to cover the Launch and Compromise techniques within PRE-ATT&CK. The techniques were refactored to fit the enterprise level of detail.
The following techniques were added under Initial Access:
The following existing techniques were cross-referenced into Initial Access:
The following techniques were added to Execution:
Aside from those added from PRE-ATT&CK, 23 additional new techniques were added, bringing the total to 219 from 188:
One technique renamed:
NTFS Extended Attributes -> NTFS File Attributes
Moderate to major updates to scope and/or content
Nine new groups:
Group Updates:
Patchwork combined with Monsoon; G0042 redirects to G0040
Groups with New Techniques Added
45 new software entries:
Exploitation of Vulnerability Breakout - With the addition of Initial Access, more clarity was needed to define software exploitation behavior. The original Exploitation of Vulnerability technique was broken out into six variations specifically for individual tactics.
Software Platforms - Added Windows, Linux, and macOS tags for software objects.
This release deprecates the Launch and Compromise tactics and most of the techniques that belong to them. In the future, these TTPs will be covered by techniques in the Initial Access and Execution tactics on ATT&CK.