Updates - April 2024

Version Start Date End Date Data Changelogs
ATT&CK v15 April 23, 2024 October 30, 2024 v15.0 on MITRE/CTI
v15.1 on MITRE/CTI
v14.1 - v15.0 Details (JSON)
v15.0 - v15.1 Details (JSON)

The April 2024 (v15) ATT&CK release updates Techniques, Groups, Campaigns and Software for Enterprise, Mobile, and ICS.

The biggest changes in ATT&CK v15 are a shift in language (from CAR pseudocode to real-world query languages) for analytics in Enterprise detections, detection notes and analytics added to Enterprise Execution techniques, improved defensive recommendations for Cloud techniques, and the addition of activity from a number of cyber-criminal and underreported threat groups. An accompanying blog post describes these changes as well as additional improvements across ATT&CK's various domains and platforms.

This release also includes a human-readable detailed changelog showing more specifically what changed in updated ATT&CK objects, and a machine-readable JSON changelog, whose format is described in ATT&CK's Github.

This version of ATT&CK contains 794 Pieces of Software, 152 Groups, and 30 Campaigns. Broken out by domain:

  • Enterprise: 14 Tactics, 202 Techniques, 435 Sub-Techniques, 148 Groups, 677 Pieces of Software, 28 Campaigns, 43 Mitigations, and 37 Data Sources
  • Mobile: 12 Tactics, 73 Techniques, 46 Sub-Techniques, 13 Groups, 113 Pieces of Software, 2 Campaigns, 13 Mitigations, and 6 Data Sources
  • ICS: 12 Tactics, 83 Techniques, 0 Sub-Techniques, 14 Groups, 21 Pieces of Software, 6 Campaigns, 52 Mitigations, 14 Assets, and 17 Data Sources

Release Notes Terminology

  • New: ATT&CK objects which are only present in the new release.
  • Major version changes: ATT&CK objects that have a major version change. (e.g. 1.0 → 2.0)
  • Minor version changes: ATT&CK objects that have a minor version change. (e.g. 1.0 → 1.1)
  • Other version changes: ATT&CK objects that have a version change of any other kind. (e.g. 1.0 → 1.2)
  • Patches: ATT&CK objects that have been patched while keeping the version the same. (e.g., 1.0 → 1.0 but something immaterial like a typo, a URL, or some metadata was fixed)
  • Revocations: ATT&CK objects which are revoked by a different object.
  • Deprecations: ATT&CK objects which are deprecated and no longer in use, and not replaced.
  • Deletions: ATT&CK objects which are no longer found in the STIX data.

Techniques

Enterprise

New Techniques

Major Version Changes

Minor Version Changes

Patches

Mobile

New Techniques

Minor Version Changes

ICS

New Techniques

Minor Version Changes

Patches

Software

Enterprise

New Software

Major Version Changes

Minor Version Changes

Patches

Mobile

New Software

Minor Version Changes

ICS

Minor Version Changes

Patches

Groups

Enterprise

New Groups

Major Version Changes

Minor Version Changes

Patches

Mobile

New Groups

Major Version Changes

Minor Version Changes

ICS

New Groups

Major Version Changes

Minor Version Changes

Campaigns

Enterprise

New Campaigns

Minor Version Changes

Mobile

New Campaigns

Minor Version Changes

ICS

New Campaigns

Mitigations

Enterprise

Minor Version Changes

Mobile

New Mitigations

Data Components

Mobile

New Data Components

Contributors to this release

  • @_montysecurity
  • Alexander Rodchenko
  • Ami Holeston
  • Andrew Northern, @ex_raritas
  • Blake Strom, Microsoft Threat Intelligence
  • BT Security
  • Daniel Fernando Soriano Espinosa
  • David Galazin @themalwareman1
  • Debabrata Sharma
  • Denise Tan
  • Diyar Saadi Ali
  • Dragos Threat Intelligence
  • Dray Agha, @Purp1eW0lf, Huntress Labs
  • Eduardo Chavarro Ovalle
  • Edward Stevens
  • Eliav Livneh
  • Eliraz Levi, Hunters
  • Gabriel Currie
  • Gavin Knapp
  • Goldstein Menachem
  • Harjot Shah Singh
  • Harun Küßner
  • Hen Porcilan
  • Hiroki Nagahama, NEC Corporation
  • Ivy Bostock
  • Jai Minton, @Cyberraiju
  • Jeremy Hedges
  • Jiraput Thamsongkrah
  • Joas Antonio dos Santos, @C0d3Cr4zy
  • Joe Wise
  • Joshua Penny
  • Kostya Vasilkov
  • Liran Ravich, CardinalOps
  • Manikantan Srinivasan, NEC Corporation India
  • Marina Liang
  • Mark Tsipershtein
  • Matt Mullins
  • Monty
  • Nikita Rostovcev, Group-IB
  • Nikola Kovac
  • Obsidian Security
  • Pooja Natarajan, NEC Corporation India
  • Rahmat Nurfauzi, @infosecn1nja, PT Xynexis International
  • Sam Seabrook, Duke Energy
  • SCILabs
  • Selena Larson, @selenalarson
  • Serhii Melnyk, Trustwave SpiderLabs
  • Shankar Raman, Amrita University, Gen Digital, Traboda
  • Shaul Vilkomir-Preisman
  • Sittikorn Sangrattanapitak
  • Takahashi Wataru, NEC Corporation
  • Tamir Yehuda
  • Thomas B
  • Tim (Wadhwa-)Brown
  • Tristan Madani
  • TruKno
  • Vectra AI
  • Viren Chaudhari, Qualys
  • Will Alexander
  • Wirapong Petshagun
  • Yves Yonan