Updates - October 2020

Version: ATT&CK v8
Start Date: October 27, 2020
End Date: April 28, 2021
Data: v8.0 on MITRE/CTI; v8.1 on MITRE/CTI; v8.2 on MITRE/CTI
Changelogs: v7.2 - v8.0 Details (JSON); v8.0 - v8.1 Details (JSON); v8.1 - v8.2 Details (JSON)

The October 2020 (v8) ATT&CK release updates Techniques, Groups, and Software for both Enterprise and Mobile. The biggest changes are the deprecation of the PRE-ATT&CK domain, the addition of two new Tactics to replace PRE-ATT&CK, and the addition of the Network platform to Enterprise ATT&CK.

This version of ATT&CK for Enterprise contains 14 Tactics, 177 Techniques, and 348 Sub-techniques.

Retirement of PRE-ATT&CK

This release deprecates and removes the PRE-ATT&CK domain from ATT&CK, replacing its scope with two new Tactics in Enterprise ATT&CK: Reconnaissance and Resource Development. A new platform, PRE, has also been added to ATT&CK to represent the environment these techniques occur in. The previous contents of PRE-ATT&CK have been preserved here. See the accompanying blog post for more details.

New techniques in Reconnaissance:

New techniques in Resource Development:

ATT&CK for Network Infrastructure Devices

13 techniques and 15 sub-techniques have been added or modified to cover adversary behavior against network infrastructure devices, such as switches and routers, that constitute the fabric of enterprises' networks. These techniques are represented by a new platform in ATT&CK for Enterprise, Network.

New and updated techniques for Network:

Many of the new Network techniques and sub-techniques focus on embedded network devices running closed-source proprietary operating systems. This is largely driven by behaviors present in reported in-the-wild intrusions. Many newer devices leverage commodity embedded operating systems such as Linux or BSD variants, but accounts of adversary activity against these have been more sparse. However, network infrastructure devices running proprietary operating systems are still widely deployed on the Internet and within enterprises.

We will continue to build out additional Network techniques and sub-techniques as they become known. We welcome contributions and feedback from the community and look to improve this representation of behaviors in the network infrastructure devices space.

Techniques

Enterprise

We also added 1 additional new technique and 7 sub-techniques to Enterprise in this ATT&CK release beyond the scope of the above updates:

All Enterprise technique changes are documented below.

New Techniques:

Technique changes:

Minor Technique changes:

Technique revocations: No changes

Technique deprecations: No changes

Mobile

New Techniques:

Technique changes:

Minor Technique changes: No changes

Technique revocations:

Technique deprecations: No changes

Software

Enterprise

New Software:

Software changes:

Minor Software changes:

Software revocations: No changes

Software deprecations: No changes

Software deletions:

  • Twitoor

Mobile

New Software:

Software changes:

Minor Software changes: No changes

Software revocations: No changes

Software deprecations: No changes

Groups

Enterprise

New Groups:

Group changes:

Minor Group changes:

Group revocations: No changes

Group deprecations: No changes

Mobile

New Groups: No changes

Group changes:

Minor Group changes: No changes

Group revocations: No changes

Group deprecations: No changes

Mitigations

Enterprise

New Mitigations:

Mitigation changes:

Minor Mitigation changes: No changes

Mitigation revocations: No changes

Mitigation deprecations: No changes

Mobile

New Mitigations: No changes

Mitigation changes: No changes

Minor Mitigation changes: No changes

Mitigation revocations: No changes

Mitigation deprecations: No changes