Updates - April 2022
The April 2022 (v11) ATT&CK release updates Techniques, Groups, and Software for Enterprise, Mobile, and ICS. The biggest changes are the restructuring of Detections, now tied to Data Source and Data Component objects in Enterprise ATT&CK; a beta release of ATT&CK for Mobile leveraging sub-techniques; and ATT&CK for ICS now on attack.mitre.org. An accompanying blog post describes these changes as well as improvements across ATT&CK's various domains and platforms.
This release contains a beta version of ATT&CK for Mobile represented using sub-techniques. The current stable version of ATT&CK for Mobile can still be found at https://attack.mitre.org/versions/v10/matrices/mobile/. Information on how to make the transition to this new version of ATT&CK for Mobile can be found in an accompanying blog post. A version of this beta content rendered in STIX can be found in our GitHub repo.
In this release, the Enterprise Sub-Technique Boot or Logon Autostart Execution: Plist Modification (T1547.011) has been replaced with Plist File Modification (T1647), and Scheduled Task/Job: At (Linux) (T1053.001) has been incorporated into Scheduled Task/Job: At (T1053.002), to better reflect adversary behavior.
This version of ATT&CK for Enterprise contains 14 Tactics, 191 Techniques, 386 Sub-techniques, 134 Groups, and 680 Pieces of Software.
Techniques
Enterprise
New Techniques
Technique changes
Minor Technique changes
Technique revocations
Technique deprecations
Mobile v11.0-beta
The below changes represent the Mobile v11.0-beta release. The current production release at https://attack.mitre.org/versions/v10/matrices/mobile/ remains unchanged.
New Techniques
Technique changes
Minor Technique changes
Technique revocations
Technique deprecations
Software
Enterprise
New Software
Software changes
Minor Software changes
Software revocations
Software deprecations
Mobile
New Software
Software changes
Minor Software changes
Software revocations
Software deprecations
Groups
Enterprise
New Groups
Group changes
Minor Group changes
Group revocations
Group deprecations
Mobile
New Groups
Group changes
Minor Group changes
Group revocations
Group deprecations
Mitigations
Enterprise
New Mitigations
Mitigation changes
Minor Mitigation changes
Mitigation revocations
Mitigation deprecations
Mobile
New Mitigations
Mitigation changes
Minor Mitigation changes
Mitigation revocations
Mitigation deprecations
Data Sources and/or Components
Enterprise
New Data Sources and/or Components
Data Source and/or Component changes
Minor Data Source and/or Component changes
Data Source and/or Component revocations
Data Source and/or Component deprecations
Mobile
ATT&CK for Mobile does not support data sources.
Contributors to this release
- Abhijit Mohanta, @abhijit_mohanta, Uptycs
- Akshat Pradhan, Qualys
- Alex Hinchliffe, Palo Alto Networks
- Alex Parsons, Crowdstrike
- Alex Spivakovsky, Pentera
- Andrew Northern, @ex_raritas
- Antonio Piazza, @antman1p
- Austin Clark, @c2defense
- Bryan Campbell, @bry_campbell
- Chris Romano, Crowdstrike
- Clément Notin, Tenable
- Cody Thomas, SpecterOps
- Craig Smith, BT Security
- Csaba Fitzl @theevilbit of Offensive Security
- Daniel Acevedo, Blackbot
- Daniel Feichter, @VirtualAllocEx, Infosec Tirol
- Daniyal Naeem, BT Security
- Darin Smith, Cisco
- Dror Alon, Palo Alto Networks
- Edward Millington
- Elvis Veliz, Citi
- Emily Ratliff, IBM
- Eric Kaiser @ideologysec
- ESET
- Hannah Simes, BT Security
- Harshal Tupsamudre, Qualys
- Hiroki Nagahama, NEC Corporation
- Isif Ibrahima, Mandiant
- Jack Burns, HubSpot
- James_inthe_box, Me
- Jan Petrov, Citi
- Jannie Li, Microsoft Threat Intelligence Center (MSTIC)
- Jeremy Galloway
- Joas Antonio dos Santos, @C0d3Cr4zy, Inmetrics
- John Page (aka hyp3rlinx), ApparitionSec
- Jon Sternstein, Stern Security
- Kobi Haimovich, CardinalOps
- Krishnan Subramanian, @krish203
- Kyaw Pyiyt Htet, @KyawPyiytHtet
- Leo Zhang, Trend Micro
- Manikantan Srinivasan, NEC Corporation India
- Massimiliano Romano, BT Security
- Matthew Green
- Mayan Arora aka Mayan Mohan
- Mayuresh Dani, Qualys
- Michael Raggi @aRtAGGI
- Mohamed Kmal
- NEC
- NST Assure Research Team, NetSentries Technologies
- Oleg Kolesnikov, Securonix
- Or Kliger, Palo Alto Networks
- Pawel Partyka, Microsoft 365 Defender
- Phil Taylor, BT Security
- Pià Consigny, Tenable
- Pooja Natarajan, NEC Corporation India
- Praetorian
- Prasad Somasamudram, McAfee
- Ram Pliskin, Microsoft Azure Security Center
- Richard Julian, Citi
- Runa Sandvik
- Sekhar Sarukkai, McAfee
- Selena Larson, @selenalarson
- Shilpesh Trivedi, Uptycs
- Sittikorn Sangrattanapitak
- Steven Du, Trend Micro
- Suzy Schapperle - Microsoft Azure Red Team
- Syed Ummar Farooqh, McAfee
- Taewoo Lee, KISA
- The Wover, @TheRealWover
- Tiago Faria, 3CORESec
- Tony Lee
- Travis Smith, Qualys
- TruKno
- Tsubasa Matsuda, NEC Corporation
- Vinay Pidathala
- Wes Hurd
- Wietze Beukema, @wietze
- Wojciech Lesicki
- Zachary Abzug, @ZackDoesML
- Zachary Stanford, @svch0st