Updates - July 2017
Big update for July 2017. ATT&CK now totals 169 techniques across Windows, Mac, and Linux:
Rollout of Mac and Linux ATT&CK for Enterprise techniques
- 89 total techniques, including 29 additions for MacOS/OS X (see the Mac Technique Matrix)
- 80 total techniques, including 12 additions for Linux (see the Linux Technique Matrix)
- Many existing techniques also received content updates to include details for Mac and/or Linux
Windows now totals 140 techniques:
New techniques:
- Access Token Manipulation
- Network Share Discovery
- Create Account
- Office Application Startup
- Application Shimming
- Deobfuscate/Decode Files or Information
- Private Keys
- Hidden Files and Directories
Updated techniques:
- Brute Force - Added password spraying
- Trusted Developer Utilities - Renamed from Msbuild, added examples for DNX, RCSI, and WinDbg/CDB
- System Network Configuration Discovery - Renamed (dropping 'Local' from the name) to incorporate both local and remote actions
- System Network Connections Discovery - Renamed (dropping 'Local' from the name) to incorporate both local and remote actions
- Valid Accounts - Renamed from Legitimate Credentials to account for accounts created by adversaries in Create Account
- Account Manipulation - Renamed from Credential Manipulation to better suit the intent of the technique
- Accessibility Features - Large update to technical details
- System Firmware - Generalized name from Basic Input/Output System to account for (U)EFI firmware persistence
- Pass the Ticket - Updated detection and mitigation information
Changes to Groups include three new groups:
Changes to Software include new software profiles: