Updates - January 2018

Version Start Date End Date Data
ATT&CK v1 January 6, 2018 April 12, 2018 v1.0 on MITRE/CTI


19 new techniques - Up to 188 from 169:

Three techniques renamed

DLL Injection -> Process Injection Cron -> Local Job Scheduling Local Port Monitor -> Port Monitors

Many techniques updated

Changes include adding new technical description information, detection and mitigation details, references, and adversary use examples. These range from major revisions, like with Process Injection and Access Token Manipulation to add substantially new information in the technical descriptions, to minor revisions, like InstallUtil to add some additional details.

Groups and Software

In addition to the new pages below, we updated many Group and Software pages, including OilRig and Dragonfly. We also added additional Associated Groups in an attempt to track overlapping activity from multiple vendors as a single Group.

Nine new groups:

26 new software entries:

Other Changes

Consolidated platforms parameters - It was becoming cumbersome to track individual OS platform versions and releases. Since many of the techniques described work across most versions of a platform, we decided to consolidate them to down to one tag. Any version requirements will be captured in the technical description and requirements sections of a technique

  • All Windows versions -> Windows
  • MacOS/OS X -> macOS
  • Linux - no change