Updates - April 2019

Version | Start Date | End Date | Data
ATT&CK v4 | April 30, 2019 | July 30, 2019 | v4.0 on MITRE/CTI

Previous Versions

Previous versions of the ATT&CK website are now being saved and displayed here to give a historical reference for prior content releases.

Tactics and Techniques

Enterprise

Impact Tactic:

The Impact Tactic was added to cover integrity and availability attacks against enterprise systems. Each technique will include an Impact Type label of 'Integrity' or 'Availability'.

The tactic covers 14 techniques that were added in this update:

Seven additional techniques were added:

The following techniques were updated:

Added Digital Certificate Validation as a defense bypassed:

Miscellaneous minor changes:

You can view the new and changed enterprise techniques in the ATT&CK Navigator by checking out the layer file we made available here. You can also check out a preview of the changes below! New techniques are green, and changed techniques are yellow.

ATT&CK Navigator - April 2019 Updates

PRE-ATT&CK

Technique deprecations:

  • Domain Generation Algorithms (DGA) - Moved under Enterprise with a new definition

Mobile

New Techniques:

Groups

On both Group and Software pages, we have changed the term “Aliases” to “Associated Groups” and “Associated Software” respectively to better reflect what these terms represent. Analysts track clusters of activities using various analytic methodologies and terms such as threat groups, activity groups, threat actors, intrusion sets, and campaigns. Some groups have multiple names associated with similar activities due to various organizations tracking similar activities by different names. Malware/software faces the same challenge with different organizations assigning different names to the same or similar samples. Organizations' group and software names may partially overlap with names designated by other organizations and may disagree on specific activity.

The MITRE ATT&CK team believes that tracking overlaps in activity for both groups and malware/software is useful to analysts, which is why we began tracking the “Aliases” field many years ago. While we always recognized that these were not true, complete “aliases,” we have realized that calling these “Aliases” only furthers the confusion over group naming. Thus, we have decided to change the field “Aliases” to “Associated Groups” and “Associated Software” to more accurately represent what we are trying to express. We make a best effort to track overlapping groups and software, but we do not represent these names as exact overlaps and encourage analysts to do additional research. If you have input on associated groups or software, please contact us.

Enterprise

New Groups:

Group changes:

PRE-ATT&CK

New Groups:

Group changes:

Mobile

Group changes:

Software

Enterprise

New Software:

Software changes:

Mobile

Software changes: