Updates January 2018


Techniques

19 new techniques - Up to 188 from 169:

Three techniques renamed

Many techniques updated

  • Changes include new technical description information, detection and mitigation details, references, and adversary use examples. These range from major revisions, such as Process Injection and Access Token Manipulation, which gained substantially new information in their technical descriptions, to minor revisions, such as InstallUtil, which gained some additional details.

Groups and Software

In addition to the new pages below, we updated many Group and Software pages, including OilRig and Dragonfly. We also added additional Group aliases in an attempt to track overlapping activity from multiple vendors as a single Group.

Nine new groups:

26 new software entries:

Other Changes

Consolidated platforms parameters - It was becoming cumbersome to track individual OS platform versions and releases. Since many of the techniques described work across most versions of a platform, we decided to consolidate them down to one tag per platform. Any version requirements will be captured in the technical description and requirements sections of a technique.

  • All Windows versions -> Windows
  • MacOS/OS X -> macOS
  • Linux - no change