Updates - April 2022

Version Start Date End Date Data Changelogs
ATT&CK v11 April 25, 2022 October 24, 2022 v11.0 on MITRE/CTI
v11.1 on MITRE/CTI
v11.2 on MITRE/CTI
v11.3 on MITRE/CTI
v10.1 - v11.0 Details (JSON)
v11.0 - v11.1 Details (JSON)
v11.1 - v11.2 Details (JSON)
v11.2 - v11.3 Details (JSON)

The April 2022 (v11) ATT&CK release updates Techniques, Groups, and Software for Enterprise, Mobile, and ICS. The biggest changes are the restructuring of Detections, now tied to Data Source and Data Component objects in Enterprise ATT&CK, a beta release of ATT&CK for Mobile leveraging sub-techniques, and ATT&CK for ICS now on attack.mitre.org An accompanying blog post describes these changes as well as improvements across ATT&CK's various domains and platforms.

This release contains a beta version of ATT&CK for Mobile represented using sub-techniques. The current stable version of ATT&CK for Mobile can still be found at https://attack.mitre.org/versions/v10/matrices/mobile/. Information on how to make the transition to this new version of ATT&CK for Mobile can be found in an accompanying blog post. A version of this beta content rendered in STIX can be found in our GitHub repo.

In this release we have replaced the Enterprise Sub-Techniques Boot or Logon Autostart Execution: Plist Modification (T1547.011) with Plist File Modification (T1647) and Scheduled Task/Job: At (Linux)(T1053.001) was incorporated into Scheduled Task/Job: At (T1053.002) in to better reflect adversary behavior.

This version of ATT&CK for Enterprise contains 14 Tactics, 191 Techniques, 386 Sub-techniques, 134 Groups, and 680 Pieces of Software.

Techniques

Enterprise

New Techniques

Technique changes

Minor Technique changes

Technique revocations

Technique deprecations

  • No changes

Mobile v11.0-beta

The below changes represent the Mobile v11.0-beta release. The current production release at https://attack.mitre.org/versions/v10/matrices/mobile/ remains unchanged.

New Techniques

Technique changes

Minor Technique changes

  • No changes

Technique revocations

Technique deprecations

Software

Enterprise

New Software

Software changes

Minor Software changes

Software revocations

  • No changes

Software deprecations

  • No changes

Mobile

New Software

  • No changes

Software changes

Minor Software changes

Software revocations

  • No changes

Software deprecations

  • No changes

Groups

Enterprise

New Groups

Group changes

Minor Group changes

Group revocations

Group deprecations

  • No changes

Mobile

New Groups

  • No changes

Group changes

Minor Group changes

  • No changes

Group revocations

  • No changes

Group deprecations

  • No changes

Mitigations

Enterprise

New Mitigations

  • No changes

Mitigation changes

Minor Mitigation changes

  • No changes

Mitigation revocations

  • No changes

Mitigation deprecations

  • No changes

Mobile

New Mitigations

  • No changes

Mitigation changes

  • No changes

Minor Mitigation changes

  • No changes

Mitigation revocations

  • No changes

Mitigation deprecations

Data Sources and/or Components

Enterprise

New Data Sources and/or Components

  • No changes

Data Source and/or Component changes:

  • No changes

Minor Data Source and/or Component changes

Data Source and/or Component revocations

  • No changes

Data Source and/or Component deprecations

  • No changes

Mobile

ATT&CK for Mobile does not support data sources

Contributors to this release

  • Abhijit Mohanta, @abhijit_mohanta, Uptycs
  • Akshat Pradhan, Qualys
  • Alex Hinchliffe, Palo Alto Networks
  • Alex Parsons, Crowdstrike
  • Alex Spivakovsky, Pentera
  • Andrew Northern, @ex_raritas
  • Antonio Piazza, @antman1p
  • Austin Clark, @c2defense
  • Bryan Campbell, @bry_campbell
  • Chris Romano, Crowdstrike
  • Clément Notin, Tenable
  • Cody Thomas, SpecterOps
  • Craig Smith, BT Security
  • Csaba Fitzl @theevilbit of Offensive Security
  • Daniel Acevedo, Blackbot
  • Daniel Feichter, @VirtualAllocEx, Infosec Tirol
  • Daniyal Naeem, BT Security
  • Darin Smith, Cisco
  • Dror Alon, Palo Alto Networks
  • Edward Millington
  • Elvis Veliz, Citi
  • Emily Ratliff, IBM
  • Eric Kaiser @ideologysec
  • ESET
  • Hannah Simes, BT Security
  • Harshal Tupsamudre, Qualys
  • Hiroki Nagahama, NEC Corporation
  • Isif Ibrahima, Mandiant
  • Jack Burns, HubSpot
  • James_inthe_box, Me
  • Jan Petrov, Citi
  • Jannie Li, Microsoft Threat Intelligence Center (MSTIC)
  • Jeremy Galloway
  • Joas Antonio dos Santos, @C0d3Cr4zy, Inmetrics
  • John Page (aka hyp3rlinx), ApparitionSec
  • Jon Sternstein, Stern Security
  • Kobi Haimovich, CardinalOps
  • Krishnan Subramanian, @krish203
  • Kyaw Pyiyt Htet, @KyawPyiytHtet
  • Leo Zhang, Trend Micro
  • Manikantan Srinivasan, NEC Corporation India
  • Massimiliano Romano, BT Security
  • Matthew Green
  • Mayan Arora aka Mayan Mohan
  • Mayuresh Dani, Qualys
  • Michael Raggi @aRtAGGI
  • Mohamed Kmal
  • NEC
  • NST Assure Research Team, NetSentries Technologies
  • Oleg Kolesnikov, Securonix
  • Or Kliger, Palo Alto Networks
  • Pawel Partyka, Microsoft 365 Defender
  • Phil Taylor, BT Security
  • Pià Consigny, Tenable
  • Pooja Natarajan, NEC Corporation India
  • Praetorian
  • Prasad Somasamudram, McAfee
  • Ram Pliskin, Microsoft Azure Security Center
  • Richard Julian, Citi
  • Runa Sandvik
  • Sekhar Sarukkai, McAfee
  • Selena Larson, @selenalarson
  • Shilpesh Trivedi, Uptycs
  • Sittikorn Sangrattanapitak
  • Steven Du, Trend Micro
  • Suzy Schapperle - Microsoft Azure Red Team
  • Syed Ummar Farooqh, McAfee
  • Taewoo Lee, KISA
  • The Wover, @TheRealWover
  • Tiago Faria, 3CORESec
  • Tony Lee
  • Travis Smith, Qualys
  • TruKno
  • Tsubasa Matsuda, NEC Corporation
  • Vinay Pidathala
  • Wes Hurd
  • Wietze Beukema, @wietze
  • Wojciech Lesicki
  • Zachary Abzug, @ZackDoesML
  • Zachary Stanford, @svch0st