Updates - April 2023

Version Start Date End Date Data Changelogs
ATT&CK v13 April 25, 2023 October 30, 2023 v13.0 on MITRE/CTI
v13.1 on MITRE/CTI
v12.1 - v13.0 Details (JSON)
v13.0 - v13.1 Details (JSON)

The April 2023 (v13) ATT&CK release updates Techniques, Groups, Campaigns and Software for Enterprise, Mobile, and ICS. The biggest changes in ATT&CK v13 are the addition of detailed detection guidance to some Techniques in ATT&CK for Enterprise, Mobile Data Sources, and two new types of changelogs to help identify more precisely what has changed in ATT&CK. An accompanying blog post describes these changes as well as improvements across ATT&CK's various domains and platforms.

This release includes a new human-readable detailed changelog showing more specifically what changed in updated ATT&CK objects, and a new machine-readable JSON changelog, whose format is described in ATT&CK's Github. The terminology used in these release notes has also been updated to better describe the changes to various ATT&CK objects:

  • New objects: ATT&CK objects which are only present in the new release.
  • Major version changes: ATT&CK objects that have a major version change. (e.g., 1.0 → 2.0)
  • Minor version changes: ATT&CK objects that have a minor version change. (e.g., 1.0 → 1.1)
  • Patches: ATT&CK objects that have been patched while keeping the version the same. (e.g., 1.0 → 1.0 but something like a typo, a URL, or some metadata was fixed)
  • Object revocations: ATT&CK objects which are revoked by a different object.
  • Object deprecations: ATT&CK objects which are deprecated and no longer in use, and not replaced.
  • Object deletions: ATT&CK objects which are no longer found in the STIX data.

This version of ATT&CK for Enterprise contains 14 Tactics, 196 Techniques, 411 Sub-techniques, 138 Groups, 22 Campaigns, and 740 Pieces of Software.

Techniques

Enterprise

New Techniques

Major Version Changes

Minor Version Changes

Patches

Mobile

Minor Version Changes

ICS

New Techniques

Minor Version Changes

Patches

Software

Enterprise

New Software

Minor Version Changes

Patches

Mobile

New Software

Major Version Changes

Minor Version Changes

Patches

ICS

New Software

Minor Version Changes

Patches

Groups

Enterprise

New Groups

Major Version Changes

Minor Version Changes

Patches

Mobile

Major Version Changes

Patches

ICS

Major Version Changes

Minor Version Changes

Patches

Campaigns

Enterprise

New Campaigns

Minor Version Changes

Mobile

ICS

New Campaigns

Mitigations

Enterprise

Minor Version Changes

Mobile

ICS

New Mitigations

Minor Version Changes

Patches

Data Sources

Enterprise

Patches

Mobile

New Data Sources

ICS

Patches

Data Components

Enterprise

Patches

Mobile

New Data Components

ICS

Patches

Contributors to this release

  • Adam Lichters
  • Adrien Bataille
  • Akiko To, NEC Corporation
  • Akshat Pradhan, Qualys
  • Anders Vejlby
  • Austin Clark, @c2defense
  • Ben Smith
  • Bryan Onel
  • Caio Silva
  • Center for Threat-Informed Defense (CTID)
  • Christopher Peacock
  • Cisco
  • CrowdStrike Falcon OverWatch
  • Daniel Acevedo, @darmad0, ARMADO
  • Daniyal Naeem, BT Security
  • Denise Tan
  • Dor Edry, Microsoft
  • Douglas Weir
  • Duane Michael
  • Dylan
  • Elpidoforos Maragkos, @emaragkos
  • Emad Al-Mousa, Saudi Aramco
  • ExtraHop
  • Felix Eberstaller
  • Filip Kafka, ESET
  • Flavio Costa, Cisco
  • Gavin Knapp
  • George Thomas
  • Goldstein Menachem
  • Hiroki Nagahama, NEC Corporation
  • Hubert Mank
  • Inna Danilevich, U.S Bank
  • Jared Wilson
  • Jason Sevilla
  • Jeffrey Barto
  • Jeremy Kennelly
  • Jimmy Wylie, Dragos, Inc.
  • Joas Antonio dos Santos, @C0d3Cr4zy
  • Joe Gumke, U.S. Bank
  • Jonny Johnson
  • Josh Arenas, Trustwave Spiderlabs
  • Juan Carlos Campuzano - Mnemo-CERT
  • Kuessner Consulting
  • Kyaw Pyiyt Htet, @KyawPyiytHtet
  • Liora Itkin
  • Liran Ravich, CardinalOps
  • Lucas Heiligenstein
  • Manikantan Srinivasan, NEC Corporation India
  • Marcus Weeks
  • Mark Wee
  • Massimiliano Romano, BT Security
  • Mathieu Hinse
  • Matt Brenton, Zurich Global Information Security
  • Mayuresh Dani, Qualys
  • Mindaugas Gudzis, BT Security
  • Miroslav Babiš, ESET
  • Muhammad Moiz Arshad, @5T34L7H
  • Nader Zaveri
  • Nichols Jasper
  • Ohad Zaidenberg, @ohad_mz
  • Ozan Olali
  • Pallavi Sivakumaran
  • Pooja Natarajan, NEC Corporation India
  • Ross Brittain
  • Scott Cook, Capital One
  • Shailesh Tiwary (Indian Army)
  • Simona David
  • Sittikorn Sangrattanapitak
  • Thanabodi
  • Tim (Wadhwa-)Brown
  • Tim Peck
  • Tom Hegel
  • Tristan Bennett, Seamless Intelligence
  • TruKno
  • Vinayak Wadhwa, SAFE Security
  • Wataru Takahashi, NEC Corporation
  • Yinon Engelsman, Talon Cyber Security
  • Yonatan Gotlib, Talon Cyber Security
  • Yoshihiro Kori, NEC Corporation
  • Zaw Min Htun, @Z3TAE
  • Zuzana Legáthová, ESET