Updates - April 2024
The April 2024 (v15) ATT&CK release updates Techniques, Groups, Campaigns and Software for Enterprise, Mobile, and ICS.
The biggest changes in ATT&CK v15 are a shift in language (from CAR pseudocode to real-world query languages) for analytics in Enterprise detections, detection notes and analytics added to Enterprise Execution techniques, improved defensive recommendations for Cloud techniques, and the addition of activity from a number of cyber-criminal and underreported threat groups. An accompanying blog post describes these changes as well as additional improvements across ATT&CK's various domains and platforms.
This release also includes a human-readable detailed changelog showing more specifically what changed in updated ATT&CK objects, and a machine-readable JSON changelog, whose format is described in ATT&CK's GitHub.
This version of ATT&CK contains 794 Pieces of Software, 152 Groups, and 30 Campaigns. Broken out by domain:
- Enterprise: 14 Tactics, 202 Techniques, 435 Sub-Techniques, 148 Groups, 677 Pieces of Software, 28 Campaigns, 43 Mitigations, and 37 Data Sources
- Mobile: 12 Tactics, 73 Techniques, 46 Sub-Techniques, 13 Groups, 113 Pieces of Software, 2 Campaigns, 13 Mitigations, and 6 Data Sources
- ICS: 12 Tactics, 83 Techniques, 0 Sub-Techniques, 14 Groups, 21 Pieces of Software, 6 Campaigns, 52 Mitigations, 14 Assets, and 17 Data Sources
Release Notes Terminology
- New: ATT&CK objects which are only present in the new release.
- Major version changes: ATT&CK objects that have a major version change (e.g., 1.0 → 2.0).
- Minor version changes: ATT&CK objects that have a minor version change (e.g., 1.0 → 1.1).
- Other version changes: ATT&CK objects that have a version change of any other kind (e.g., 1.0 → 1.2).
- Patches: ATT&CK objects that have been patched while keeping the version the same (e.g., 1.0 → 1.0, but something immaterial like a typo, a URL, or some metadata was fixed).
- Revocations: ATT&CK objects which are revoked by a different object.
- Deprecations: ATT&CK objects which are deprecated and no longer in use, and not replaced.
- Deletions: ATT&CK objects which are no longer found in the STIX data.
Techniques
Enterprise
New Techniques
Major Version Changes
Minor Version Changes
Patches
Mobile
New Techniques
Minor Version Changes
ICS
New Techniques
Minor Version Changes
Patches
Software
Enterprise
New Software
Major Version Changes
Minor Version Changes
Patches
Mobile
New Software
Minor Version Changes
ICS
Minor Version Changes
Patches
Groups
Enterprise
New Groups
Major Version Changes
Minor Version Changes
Patches
Mobile
New Groups
Major Version Changes
Minor Version Changes
ICS
New Groups
Major Version Changes
Minor Version Changes
Campaigns
Enterprise
New Campaigns
Minor Version Changes
Mobile
New Campaigns
Minor Version Changes
ICS
New Campaigns
Mitigations
Enterprise
Minor Version Changes
Mobile
New Mitigations
Data Components
Mobile
New Data Components
Contributors to this release
- @_montysecurity
- Alexander Rodchenko
- Ami Holeston
- Andrew Northern, @ex_raritas
- Blake Strom, Microsoft Threat Intelligence
- BT Security
- Daniel Fernando Soriano Espinosa
- David Galazin, @themalwareman1
- Debabrata Sharma
- Denise Tan
- Diyar Saadi Ali
- Dragos Threat Intelligence
- Dray Agha, @Purp1eW0lf, Huntress Labs
- Eduardo Chavarro Ovalle
- Edward Stevens
- Eliav Livneh
- Eliraz Levi, Hunters
- Gabriel Currie
- Gavin Knapp
- Goldstein Menachem
- Harjot Shah Singh
- Harun Küßner
- Hen Porcilan
- Hiroki Nagahama, NEC Corporation
- Ivy Bostock
- Jai Minton, @Cyberraiju
- Jeremy Hedges
- Jiraput Thamsongkrah
- Joas Antonio dos Santos, @C0d3Cr4zy
- Joe Wise
- Joshua Penny
- Kostya Vasilkov
- Liran Ravich, CardinalOps
- Manikantan Srinivasan, NEC Corporation India
- Marina Liang
- Mark Tsipershtein
- Matt Mullins
- Monty
- Nikita Rostovcev, Group-IB
- Nikola Kovac
- Obsidian Security
- Pooja Natarajan, NEC Corporation India
- Rahmat Nurfauzi, @infosecn1nja, PT Xynexis International
- Sam Seabrook, Duke Energy
- SCILabs
- Selena Larson, @selenalarson
- Serhii Melnyk, Trustwave SpiderLabs
- Shankar Raman, Amrita University, Gen Digital, Traboda
- Shaul Vilkomir-Preisman
- Sittikorn Sangrattanapitak
- Takahashi Wataru, NEC Corporation
- Tamir Yehuda
- Thomas B
- Tim (Wadhwa-)Brown
- Tristan Madani
- TruKno
- Vectra AI
- Viren Chaudhari, Qualys
- Will Alexander
- Wirapong Petshagun
- Yves Yonan