Updates April 2018

From enterprise
Jump to: navigation, search

Initial Access Tactic Addition

Initial Access was added to ATT&CK and some techniques were added to Execution to cover the Launch and Compromise techniques within PRE-ATT&CK. The techniques were refactored to fit the enterprise level of detail.

The following techniques were added under Initial Access:

The following existing techniques were cross-referenced into Initial Access:

The following techniques were added to Execution:

Techniques

Aside from those added from PRE-ATT&CK, 23 additional new techniques were added - Up to 219 from 188:

One technique renamed

Moderate to major updates to scope and/or content

Groups and Software

Nine new groups:

Group Updates Patchwork combined with Monsoon, G0042 redirects to G0040

Groups with New Techniques Added'

45 new software entries:

Other Changes

Exploitation of Vulnerability Breakout - With the addition of Initial Access, more clarity was needed to define software exploitation behavior. The original Exploitation of Vulnerability technique was broken out into six variations specifically for individual tactics.

Software Platforms - Added Windows, Linux, and macOS tags for software objects.