Updates - October 2023

Version Start Date End Date Data Changelogs
ATT&CK v14 October 31, 2023 April 22, 2024 v14.0 on MITRE/CTI
v14.1 on MITRE/CTI
13.1 - 14.0 Details (JSON)
14.0 - 14.1 Details (JSON)

The October 2023 (v14) ATT&CK release updates Techniques, Groups, Campaigns and Software for Enterprise, Mobile, and ICS. The biggest changes in ATT&CK v14 are a large expansion of detection notes and analytics to Techniques in Enterprise, a minor scoping change to Enterprise resulting in coverage of Financial Theft and Voice Phishing, structured Detections in Mobile, and the (re-)addition of Assets to ICS. An accompanying blog post describes these changes as well as improvements across ATT&CK's various domains and platforms.

This release also includes a human-readable detailed changelog showing more specifically what changed in updated ATT&CK objects, and a machine-readable JSON changelog, whose format is described in ATT&CK's Github.

This version of ATT&CK contains 760 Pieces of Software, 143 Groups, and 24 Campaigns. Broken out by domain:

  • Enterprise: 201 Techniques, 424 Sub-Techniques, 141 Groups, 648 Pieces of Software, 23 Campaigns, 43 Mitigations, and 109 Data Sources
  • Mobile: 72 Techniques, 42 Sub-Techniques, 8 Groups, 108 Pieces of Software, 1 Campaign, 12 Mitigations, and 15 Data Sources
  • ICS: 81 Techniques, 13 Groups, 21 Pieces of Software, 52 Mitigations, 3 Campaigns, 14 Assets, and 34 Data Sources

Release Notes Terminology

  • New: ATT&CK objects which are only present in the new release.
  • Major version changes: ATT&CK objects that have a major version change. (e.g. 1.0 → 2.0)
  • Minor version changes: ATT&CK objects that have a minor version change. (e.g. 1.0 → 1.1)
  • Other version changes: ATT&CK objects that have a version change of any other kind. (e.g. 1.0 → 1.2)
  • Patches: ATT&CK objects that have been patched while keeping the version the same. (e.g., 1.0 → 1.0 but something immaterial like a typo, a URL, or some metadata was fixed)
  • Revocations: ATT&CK objects which are revoked by a different object.
  • Deprecations: ATT&CK objects which are deprecated and no longer in use, and not replaced.
  • Deletions: ATT&CK objects which are no longer found in the STIX data.

Techniques

Enterprise

New Techniques

Major Version Changes

Minor Version Changes

Patches

Mobile

New Techniques

Minor Version Changes

Patches

ICS

Minor Version Changes

Patches

Software

Enterprise

New Software

Major Version Changes

Minor Version Changes

Patches

Revocations

  • Ngrok (revoked by ngrok) (v1.1)

Mobile

New Software

ICS

Minor Version Changes

Patches

Groups

Enterprise

New Groups

Major Version Changes

Minor Version Changes

Patches

Mobile

New Groups

Minor Version Changes

ICS

Major Version Changes

Minor Version Changes

Campaigns

Enterprise

New Campaigns

Minor Version Changes

Mobile

ICS

New Campaigns

Deprecations

Assets

ICS

New Assets

Mitigations

Enterprise

Minor Version Changes

Mobile

New Mitigations

Minor Version Changes

Patches

ICS

Minor Version Changes

Patches

Contributors to this release

  • Aaron Jornet
  • Adam Lichters
  • Adam Mashinchi
  • Ai Kimura, NEC Corporation
  • Alain Homewood
  • Alex Spivakovsky, Pentera
  • Amir Gharib, Microsoft Threat Intelligence
  • Andrew Northern, @ex_raritas
  • Arad Inbar, Fidelis Security
  • Austin Herrin
  • Ben Smith, @ezaspy
  • Bilal Bahadır Yenici
  • Blake Strom, Microsoft Threat Intelligence
  • Brian Donohue
  • Caio Silva
  • Christopher Peacock
  • Edward Stevens, BT Security
  • Ford Qin, Trend Micro
  • Giorgi Gurgenidze, ISAC
  • Goldstein Menachem
  • Gregory Lesnewich, @greglesnewich
  • Gunji Satoshi, NEC Corporation
  • Harry Kim, CODEMIZE
  • Harun Küßner
  • Hiroki Nagahama, NEC Corporation
  • Itamar Mizrahi, Cymptom
  • Jack Burns, HubSpot
  • Janantha Marasinghe
  • Jennifer Kim Roman, CrowdStrike
  • Joas Antonio dos Santos, @C0d3Cr4zy
  • Joe Gumke, U.S. Bank
  • Joe Slowik - Dragos
  • Joey Lei
  • Juan Tapiador
  • Liran Ravich, CardinalOps
  • Manikantan Srinivasan, NEC Corporation India
  • Martin McCloskey, Datadog
  • Matt Green, @mgreen27
  • Michael Raggi @aRtAGGI
  • Mohit Rathore
  • Naveen Devaraja, bolttech
  • Noam Lifshitz, Sygnia
  • Olaf Hartong, Falcon Force
  • Oren Biderman, Sygnia
  • Pawel Partyka, Microsoft Threat Intelligence
  • Phyo Paing Htun (ChiLai), I-Secure Co.,Ltd
  • Pooja Natarajan, NEC Corporation India
  • Sam Seabrook, Duke Energy
  • Serhii Melnyk, Trustwave SpiderLabs
  • Shailesh Tiwary (Indian Army)
  • Shankar Raman, Gen Digital and Abhinand, Amrita University
  • Sunders Bruskin, Microsoft Threat Intelligence
  • Tahseen Bin Taj
  • Thanabodi Phrakhun, @naikordian
  • The DFIR Report
  • Tim (Wadhwa-)Brown
  • Tom Simpson, CrowdStrike Falcon OverWatch
  • Tristan Madani (Cybereason)
  • TruKno
  • Uriel Kosayev
  • Vijay Lalwani
  • Will Thomas, Equinix
  • Yasuhito Kawanishi, NEC Corporation
  • Yoshihiro Kori, NEC Corporation
  • Yossi Weizman, Microsoft Threat Intelligence